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This edition of Practical Aviation Security is dedicated 
to all victims of air terrorism, and to those who 
diligently serve to keep aviation safe and secure 


Forewords 


Today as I was about to board the commuter train to my job in Manhattan, an 
older gentleman approached me on the platform saying, “I noticed the pin on 
your lapel. I was there too.” It is a small pin that at first glance appears to be two 
streaming American flags hung side by side in vertical fashion. The chairman of 
my agency presented this to employees and colleagues 7 years ago in commemo- 
ration of an event that has since defined our lives and professions, wrenched our 
industry, and absorbed our national attention and resources. It was an event, as 
this gentleman’s remark showed, that continues to bring strangers together in 
remembrance and renewed commitment to protect what is precious to a free 
society. 

The work that the aviation industry and government have undertaken to ensure 
the security of air travel and commerce now informs other industry and business 
sectors of our economy. Indeed, security is now a pervasive element of business 
and social life around the world. The challenge of aviation professionals and 
government officials is how to achieve this security while preserving the vitality 
of the industry and the liberties of our citizens. 

Jeff Price and Jeffrey Forrest’s thorough text on aviation security instructs us 
in the history of assaults against civil aviation, which is nearly as old as civil 
aviation itself, while underscoring the changing nature of the assaults and the 
evolution of our government’s response to these threats. The book documents the 
dramatic restructuring of transportation security oversight and regulation follow- 
ing the terrorist attacks of September 11, 2001, and provides us with a detailed 
understanding of the laws and regulations, the agencies and stakeholders, and the 
operating procedures and technical resources now brought to bear in the security 
of aviation. 

Much has been accomplished to protect commercial flight from hostile intent, 
and time has proven the resiliency of the aviation system and our nation. There 
is, of course, still more to do, and we will look to those who follow us, perhaps 
some who are reading this book, to continue the vigilance and stewardship of this 
great industry. 

May this little lapel pin that symbolizes the World Trade Center long remind 
us of those we lost in New York, NY, Arlington, VA, and Shanksville, PA, on 
September 11, 2001, and inspire us with confidence in the endeavor to pursue 
tolerance and understanding by drawing the world closer when we exercise our 
freedom and right to travel. 


Jeanne M. Olivier 
General Manager, Aviation Security and Technology, 
The Port Authority of New York and New Jersey 
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Forewords 


The morning of September 11, 2001 (9/11) will go into history as a time that 
changed the way we live for many years to come. The bold and cruel nature of 
the terrorist attacks that led to the death of thousands of innocent people demon- 
strated how vulnerable we are when the enemy ignores the “rules of war.” We 
were caught unprepared as the terrorists attacked one of the most sensitive and 
fragile technological systems we rely on—aviation. For the sake of accuracy, we 
should underscore that the attacks were not against aviation per se, but instead 
used aviation as a means to damage targets symbolizing our way of life and our 
sources of societal power—free enterprise, military infrastructure, and a dem- 
ocratically elected government. 

Terrorists have targeted aviation many times in the past. However, prior to 
9/11 hijacked airplanes had not been used as weapons against ground targets in 
such dramatic and strategic ways. Terrorists have been more attracted to using 
aviation than other modes of transportation. Nevertheless, many voices doubt as 
to whether the enormous investments in protecting the aviation system are reason- 
able since in the best case we can only divert terrorism from aviation to other 
targets. These are valid concerns that responsible governments must address. In 
this regard, governmental decision making creates policies and laws that not only 
protect global aviation but also establish national priorities. 

A fundamental premise for this book is that the protection of aviation should 
be a national priority. On the morning of 9/11, the U.S. government and its 
security forces had relatively little knowledge of how to protect aviation from 
terrorism. In the United States, the pre-9/11 era was characterized with aviation 
security as a low national priority. Aviation security was perceived as an unpro- 
ductive budget item. Therefore, many decisions related to aviation security were 
based on trade-offs related to costs rather than effectiveness. Additionally, 
there was no attempt to create an effective security system that would challenge 
the increasingly sophisticated methods of global terrorism. As a result, the United 
States lacked a knowledge base to defend itself against the 9/11 attacks. Since 
9/11, the United States has partially addressed this weakness by importing knowl- 
edge and expertise from other countries, such as Israel and the United Kingdom. 
This book will help to minimize this concern by greatly enhancing the reader’s 
knowledge and expertise related to U.S. aviation security. 

In the first few years after 9/11, aviation security focused mostly on improving 
the screening of passengers and baggage. This policy resulted in a few critical 
misconceptions, including the belief that passenger checkpoints and screening of 
baggage can inclusively protect us from all threats to aviation security. Recently, 
the Transportation Security Administration has recognized the need for other 
security measures at airports like perimeter protection, access control, and suspi- 
cious behavior detection (among many other methods and strategies). In the spirit 
of adopting new security measures, we must always be reminded of the cliché 
that any security system is as strong as its weakest point. Therefore, developing 
proactive and comprehensive methods and strategies for use in our aviation secu- 
rity system is a continuous challenge. The attack resulting in the destruction of a 
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Russian passenger aircraft taking off from Sharm El Sheih (Egypt) with Airport 
employees involvement and the latest attack at Brussels Zaventem Airport public 
areas (both carried out by ISIS) are a tragic reminder that our job is not yet done. 
New terrorist organizations like ISIS push the envelope of uncivilized human 
behavior beyond anything we have seen in the past and we must be prepared to 
challenge them. 

This is the reason why I compliment the authors of this text for rightly choos- 
ing a broad approach to addressing aviation security. Mr. Price and Dr. Forrest 
did a great service to worldwide aviation security by covering the subject in a 
very comprehensive manner, from the history of attacks against aviation to the 
detailed discussion of today’s threats, from mitigation tactics to the different tech- 
nological systems. The detailed discussion of different strategies from profiling to 
everybody is equal and various solutions that try to keep the system effective 
without jeopardizing the social values we try so hard to protect is a critical dis- 
cussion. The reader will find all these issues well handled by the authors, and as a 
result be able to perform with greater understanding. This is the first time that 
interested readers can find a concise guide to aviation security. The industry 
requires this kind of book that will lead readers not only to a better understanding 
of this very complicated subject, but will also resolve many of the myths that 
surround aviation security. 


Rafi Ron 
CEO, New Age Security Solutions (NASS)/Director of Security 
at Tel Aviv’s Ben-Gurion International Airport (1997—2001) 
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The profession of aviation security continues to change by embracing new threats, 
challenges to security management, and adoption of new technologies, processes, 
policies, and legislation. In reflection of this dynamic, aviation security courses 
and professional development opportunities in aviation security have flourished 
globally. We both recall that in the few years following 9/11, many colleges and 
universities that had started aviation security courses were beginning to eliminate 
them from their curriculum. These cancellations were primarily attributed to a 
lack of expert derived course materials that could be used to support those clas- 
ses. This is the principal reason we decided to write Practical Aviation Security— 
Predicting and Preventing Future Threats. This text, which is now entering its 
third edition, has been widely adopted by national academic intuitions, 
professional organizations, and security practitioners to meet the academic and 
professional needs of the domain of aviation security. Those using previous 
editions of this textbook will note significant changes in almost every chapter of 
the third edition. 

As stated, our industry is highly dynamic and constantly challenged with new 
threats. In just the year prior to this publication, we witnessed several major 
attacks on aviation; for example, the (a) bombing of a Metrojet over Egypt, 
(b) hijacking of an EgyptAir flight, (c) takeover by a pilot of a Germanwings air- 
craft, who in an act of suicide and homicide crashed into the French Alps killing 
all on board, and (d) suicide bombing attack in the public area of the Brussels 
Airport. Additionally, the global proliferation of unmanned aerial vehicles 
(UAVs) is posing both new safety and a security hazards—demonstrated at the 
time of this writing, as one UAV recently hit a British Airways airliner. 
Nonetheless, UAVs convey the potential to improve security surveillance techni- 
ques, better emergency management situational awareness, and improved intelli- 
gence gathering. There were also several airport perimeter breaches since 
the second edition of this text, causing a demand for more focus on perimeter 
security at airports and the development of intrusion detection systems. Airport 
security managers are now administering more requirements as related to security 
credentialing and issuance of airport identification badges and control access to 
the airfield. In the third edition we have also continued to add to the history of 
aviation security incidents, which are important to remember and understand as 
we continue to manage future threats to security! 

Increased focus on threats to aviation also include the militant group of the 
Islamic State of Iraq and Syria, the “radicalized” US citizen terrorist, and the 
“insider-threat” to the aviation industry. Although the insider-threat is not new to 
aviation, lawmakers have recently called for the total screening of all aviation 
workers as a result of the strong probability that a recent Metrojet bomb was 
placed by an inside aviation worker. Also, several airline employees were recently 


xxi 


xxii 


Preface 


caught in a weapons smuggling operation between Atlanta/Hartsfield 
International Airport and John F. Kennedy International Airport. Atlanta/ 
Hartsfield adopted the new all employee or airport worker screening policy 
(Orlando International and Miami International are examples of airports that have 
been doing total employee screening for the past several years). While the deci- 
sion has still not been made whether to require 100% employee and airport 
worker screenings at airports, the US Transportation Security Administration 
(TSA) and the industry are already moving forward with implementing 
“employee inspections,” which varies from total screening, but may still provide 
the same level of protection and at a lower cost. 

During the release of our last edition, the TSA was beginning to implement 
risk-based security (RBS). Today, the TSA’s passenger Prev (PreCheck) program 
is the primary method of RBS used by the TSA. PreCheck continues to grow, 
albeit much lower than the TSA had anticipated. The TSA also experienced chal- 
lenges when an inspector general’s “red team report” was released documenting 
a near 97% failure rate for their screeners to detect weapons and other prohibited 
items. Another similar report revealed that as many as 73 TSA employees were 
also on their active terrorist watch list! In partial response to these notifications, 
a new TSA administrator has been placed in charge. However, in the new admin- 
istrators attempt to address the poor screening detection rates, passenger screening 
lines have slowed throughout the nation drawing the ire of airport directors and 
passengers. Tragically, the TSA also suffered the death of Gerardo Hernandez, 
a TSA agent at LAX, who was killed in the line of duty by an active shooter, on 
November 1, 2013. There have also been attempts to defund the Federal Flight 
Deck Officer (FFDO) program, along with the removal of the secondary flight 
deck protection barriers from airplane cockpits. These actions were sought, 
despite research that demonstrated that there is a significant reduction in the risks 
of being hijacked, when the FFDO and flight deck protection barriers are 
sustained. 

A challenge to writing about airport security is doing it without providing crit- 
ical information to your adversaries. However, we believe the potential benefits 
of sharing information and knowledge related to airport security with industry 
members outweighs this risk. We also think it would be a disservice not to help 
inform and educate industry about basic strategies for protecting its infrastructure 
and, more important, the traveling public. For these reasons, we decided that the 
goal for this text is to serve as a resource for those interested in gaining a better 
understanding of airport security and applying practical strategies to improve avi- 
ation security processes. 

The basics of airport security—the practical strategies—are not difficult to 
comprehend. Indeed, it is probable that your adversaries are already familiar with 
most of the common airport and airline security strategies. This dilemma is simi- 
lar to challenges faced by police agencies. For example, police departments might 
hesitate to share with the public information that could deter theft. In this exam- 
ple, police agencies may fear that by releasing this information, burglars will 
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better understand what defenses they need to overcome to commit a robbery. On 
the other hand, information shared by the police may help the public learn better 
ways to secure their property and potentially lower the risk of a robbery. We rec- 
ognize that even with these strategies, criminals continue to seek ways to over- 
come various forms of security. That is why it is important for security experts to 
share new or improved methods for implementing security strategies. Planning 
and implementing airport and airline security procedures are constantly evolving, 
requiring continual long-term evaluation and implementation. 

Even with the most current knowledge and security procedures, airports and 
airlines will remain threatened by criminal or terrorist activities. Perpetrators will 
consistently seek new paths to overcome security methods. We refer to this as 
pursuing a strategy of least resistance that the criminal or terrorist will exploit to 
accomplish the goals. This is an important premise for those concerned with air- 
port and airline security. In this text, a history of air terrorism and related lessons 
learned will demonstrate that most attacks on aviation were and continue to be 
simple strategies developed by perpetrators to overcome established security 
methods with the least amount of effort. 

In addition to the effect security procedures have on criminals or terrorists, the 
value of the perpetrator’s goal or target will also affect where and how the perpe- 
trator will strike. Aviation is a high-value target. It is the economic lifeblood of 
global commerce; global societies now depend on aviation to conduct business. 
Business travelers constitute a significant portion of the air-traveling public. Over 
the years since the attacks of 9/11, vacationers have returned to the skies as a pri- 
mary mode for traveling to resort destinations, and there is strong demand for 
same-day or next-day delivery of high-value cargo. The reliability, safety, and 
security of air transportation are critical to global economies. 

Industry professionals and others, such as the traveling public and the media, 
would prefer a “silver bullet” to address all aspects related to planning and imple- 
menting aviation-related security programs—especially airport security. The real- 
ity of aviation or airport security is that it is a highly dynamic and complex 
system of “layers of security” containing policies, strategies, tools, and processes. 
Each layer is designed to prevent, deter, or enable response to a particular attack 
or set of attacks. Providing layers of security is a well-established security strat- 
egy. In his book America the Vulnerable, Stephen Flynn (2004) described layered 
security as the constant application and evolution of multiple security measures 
designed to provide high levels of deterrence. Flynn also recommended that secu- 
rity measures should balance the probability of criminal activity in relation to the 
value of the target. In this regard, the more valuable the target, the more need for 
increased layers of security. The TSA commonly refers to these layers as “con- 
centric rings of security.” Airport and aircraft security managers must understand 
that a single layer of security will not be 100% effective in blocking criminal or 
terrorist activity. However, through proper planning and implementation, multiple 
layers of security initiatives may provide a probability of nearly 100% effective- 
ness against these threats. Therefore, we believe that each layer of security, 
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performed to its fullest level of effectiveness and combined with other layers of 
security, will result in the highest level of deterrence obtainable. 

A major goal in aviation or airport security is that security agents should strive 
for maximum effectiveness in their area (layer) of responsibility. Essential to 
embracing this goal is an understanding by all personnel that attacks will probably 
occur regardless of how many layers of deterrence are in place and how effective 
those layers are. If the target or goal is sufficiently valuable, the criminal or 
terrorist’ will continue to evaluate or attempt new strategies of least resistance to 
achieve their objectives. 

Despite numerous security improvements implemented globally after the 9/11 
attacks in the United States, criminals and terrorists continue to disrupt or destroy 
facets of the global aviation system. Terrorists view aviation as too valuable of a 
target to ignore. This is a grave realization when one considers that many in the 
industry argue that aviation security processes remain faulty, even when consider- 
ing post-9/11 security-related initiatives. 

Accepting the premise that attacks will continue to occur regardless of what 
we do is usually unacceptable. We do not argue that there should be 
acceptable losses and that we should continue to tolerate these losses. Rather, we 
believe losses will continue to occur regardless of the security system. As security 
advocates, we should design and implement practical and effective security mea- 
sures to help mitigate or minimize these losses. These efforts are analogous to 
managing and enhancing safety in commercial aviation. Although occasional air- 
craft losses occur (as a result of pilot, maintenance, or manufacturing errors, as 
well as other causes), the industry strives to reach a “zero loss rate,” while simul- 
taneously acknowledging that the perpetual realization of this goal is unlikely. 

Another precarious assumption made by some aviation security practitioners is 
to consider aviation security as being restricted to addressing acts of terrorism 
and therefore only focusing security efforts on preventing terrorist acts. The avia- 
tion security system must also address crimes against aviation and those using 
aviation to facilitate other forms of crime, such as drug trafficking, human traf- 
ficking, and the transportation of stolen property. Airports and airlines are busi- 
nesses and experience crimes similar to those affecting nonaviation companies, 
such as employee theft, workplace violence, and cyber-threats. Airports and air- 
lines are entities with a large general population passing through their facilities 
and onto aircraft every day. In this environment, there are numerous opportunities 
for criminals. 

Many government agencies have offered various definitions for terrorism. 
However, law enforcement agencies and the US District Attorney’s Office deter- 
mine whether a particular act is a form of terrorism. For example, the attempted 
bombing of American Airlines Flight 63 by Richard Reid (the “shoe bomber”) 
was considered an act of terrorism. In contrast, the shooting by a single 





'We use the terms crimes against aviation and criminal and terrorist acts interchangeably with the 
commonly used phrase acts of unlawful interference. 
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perpetrator of three individuals waiting in line at the El Al ticket counter at Los 
Angeles International Airport in 2002 was considered under the criminal defini- 
tion of murder (ie, not terrorism). The aviation security practitioner should not be 
distracted with whether the event she or he is trying to prevent is rooted in terror- 
ism or criminal activity. Rather, the security practitioner should focus on develop- 
ing and implementing practical systems, measures, and procedures to prevent all 
forms of attack and criminal activity. 

As individuals concerned with aviation security, our primary goal should be to 
do everything possible to ensure that the layers of security for which we are 
responsible are effective. There is an old saying in military law enforcement: 
“Not on my watch.” This adage implies that, as individuals, we are not in control 
of everything but do acknowledge our responsibilities for those factors we do 
control. In this spirit, we must routinely create and implement practical strategies 
for managing these factors in ways that continuously improve aviation security. 

Practical Aviation Security—Predicting and Preventing Future Threats is a 
comprehensive reference for academicians and students, new and experienced avi- 
ation security practitioners, airport and airline administrators, government security 
personnel, and researchers. It is written by career professionals Jeffrey Price (MS) 
who is a well-recognized international aviation security practitioner and commer- 
cial pilot and Jeffrey Forrest (PhD) who has directed many research applications 
in aviation and aerospace science and is also a commercial pilot. Both Price and 
Forrest are also Professors of Aviation and Aerospace Science at Metropolitan 
State University of Denver, Colorado. We recognize that one cannot embark on 
such an endeavor, particularly within the fast-moving field of aviation security, 
without taking the risk that certain information will be out of date by the time the 
book reaches publication. To that end, we encourage you to visit the companion 
web site at http://www.leadingedgestrategies.com for updates and additional infor- 
mation on changes that have taken place in the ever-evolving aviation security 
industry. 


Jeffrey C. Price and Jeffrey S. Forrest 
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Overview of the aviation 
industry and security in the 
post-9/11 world 


OBJECTIVES 


This chapter provides an overview of the national aviation system and an introduc- 
tion to the development and environment of aviation security since the September 
11, 2001 (9/11), terrorist attacks. Readers gain insight to the national aviation sys- 
tem and its importance to society. A fundamental framework describing the roles of 
airports, aircraft operators, and regulatory agencies involved in sustaining effective 
aviation security is presented. Fundamental to modern aviation security strategies 
and methods are lessons learned from the 9/11 attacks. Aviation security practi- 
tioners and students of aviation security should have at least an elementary under- 
standing of the circumstances surrounding 9/11. Therefore, a case study describing 
the events of 9/11 and integrating concerns of aviation security is also provided. 


INTRODUCTION 


Despite other targets, terrorists remain fascinated with aviation. Throughout most 
of the history of aviation, terrorists and criminals have used aircraft and airports 
to conduct many forms of unlawful activity. Examples include special-interest 
groups or terrorists using aviation to gain geopolitical attention and criminals 
using commercial aviation or general aviation (GA) to smuggle drugs, weapons, 
cash, and stolen goods. In these cases, aviation has provided a public stage for the 
former and an expedient distribution channel for the latter. Aviation is essential to 
sustaining the economic viability of world commerce, the movement of people 
and cargo, and the flow of information and knowledge throughout society. 
Therefore, those responsible for protecting the aviation industry must be proactive 
in developing and implementing strategic and tactical systems that are effective 
in mitigating criminal and terrorist activity. Since the terrorist threat is always 
evolving, aviation professionals must be proactive in predicting future threats. 
The aviation industry is composed of a series of overlapping operational areas 
or a “systems of systems” that security personnel must protect. Examples include 
the management of passenger needs, such as parking, baggage check-in, and 
screening (Fig. 1.1), along with other requirements, such as health concerns or 
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CHAPTER 1 Overview of the aviation industry and security 





FIGURE 1.1 





Passengers go through security screening at Denver International Airport. 


guarding secured areas. Those responsible for each area must work in harmony to 
maintain aviation as an effective form of global transportation. Evaluating effective- 
ness in aviation security requires a variety of methods—from ratios used to develop 
metrics measuring baggage throughput or passenger flow, to extensive security eva- 
luations conducted by various government agencies and private corporations. 

Aviation is an effective and efficient mode of transportation affecting world- 
wide social and economic stability. In a little over 100 years, aviation has 
completely changed the way people travel around the planet. The entire world is 
now reachable in a matter of hours, and the miracles of today’s world would not 
be possible without aviation. In the IMAX movie, Living in the Age of Airplanes, 
narrator Harrison Ford says: “What was once a migration, is now a vacation.” 
As a symbol of modern commerce and prosperity, aviation is a highly desirable 
target to terrorists and criminals. 

The ability of aviation to move people and property faster than competing forms 
of transportation is essential to its economic viability. The Internet and related tech- 
nologies such as videoconferencing and telecommuting provide additional options 
to transport information, knowledge, products, and services. The advantage aviation 
has over rail, trucking, and watercraft is speed, whereas its advantage over video- 
conferencing is that people generally prefer face-to-face communication. 


Cost of Failing to Protect Aviation and Importance of Threat Response 


Shortly after the terrorist attacks of 9/11, it was thought that if there was 
another major terrorist attack on aviation, travelers would shift modes to different 
forms of connecting, such as videoconferencing. While that has yet to occur, sus- 
tained criminal or terrorist activity on aviation often causes a temporary shift in 
passenger demand from airline travel, of which business travel is a significant 
percentage, to alternate forms of interaction or travel, such as videoconferencing 
or traveling via privately owned or chartered aircraft. These changes in demand 
for transporting people, cargo, or information could present airlines with serious 
economic challenges. Had several additionally planned terrorist attacks, such as 
the shoe bomber in 2001, the liquid bomb plot in 2006, and the underwear 
bomber attempt in 2009, been carried out, more people might switch to alternate 
forms of connecting, at least until their confidence in the system is restored. 

If business travelers switch to alternate modes of travel, commercial airlines 
will have to increase the cost of tickets to those passengers (usually leisure trave- 
lers) who cannot afford business rates. As costs increase, leisure travelers may 
not be able to afford air travel, resulting in more “staycations,” which do not 
require air travel. Airlines would then have to raise prices to compensate, as more 
leisure flyers switch to ground transportation. Additionally, many industries, such 
as the hotel, rental, and tourist industries, rely heavily on air transportation for 
their businesses to be successful. Repeated attacks on aviation could lead to a 
significant restructuring of commercial aviation. 


THE COST OF FAILING TO PROTECT AVIATION AND THE 
IMPORTANCE OF THREAT RESPONSE 


Despite its complex nature, the aviation industry’s primary infrastructure consists 
of aircraft operations, airports, and supporting agencies. Many types of aircraft 
are used in various operations around the world. These operations are commonly 
categorized as commercial service, private operations (categorized as GA), and 
military operations. Airports are usually categorized as commercial service, GA, 
private, or military. 

The terrorist attacks in the United States on September 11, 2001 (9/11) were 
designed to damage global security and the US economy—an economy reliant on 
aviation. A critical strategy for responding to terrorist threats is to moderate the 
response to not cause further deterioration to the economy or stability of a society. 
Terrorist organizations understand that they usually do not have the forces or 
resources to defeat an enemy in a traditional military conflict. Therefore, terrorists 
operate more indirectly, striking in ways that cause targeted countries or societies 
to incur loss of life, economic damage, changes in policies, or other effects. These 
attacks are usually designed with the hope that countries or societies overreact in 
ways that further diminish the ability to protect or sustain safety and economic via- 
bility. Terrorists also know that with each subsequent attack, the targeted populace 
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gives up more of its freedom through changes in laws and policies or by accepting 
that intrusion into private lives is unavoidable and required. In these ways, terrorists 
cause economic and social degradation within nations and societies. 

Terrorism has additional effects beyond the initial loss of life and property. The 
direct economic effects of the 9/11 attacks showed a financial loss of $190 billion 
dollars (Mueller and Stewart, 2016, pp. 275—276), but other, less direct impacts 
occurred. As a lasting effect of 9/11, large amounts of resources were committed to 
secure the production, distribution, communication, and financing industries from 
terrorist attack (Makinen, 2002, CRS-2), as well as to secure the US aviation system. 

Another concern after 9/11 was the increased price of oil. However, oil prices 
spiked only briefly before returning to relatively normal prices, at least until 
2008. Additional concerns resulting from 9/11 also affected US trade partners, 
especially Canada, Mexico, and Japan. Numerous businesses, including financial 
institutions, insurance companies, commercial banks, pension funds, and stock 
exchanges, were also affected by the attacks. Also directly affected was the 
destruction of the World Trade Centers (WTCs), shattering the leading dealer in 
US Treasury securities, Cantor Fitzgerald including the loss of their staff, who 
accounted for almost one-quarter of all those killed in the WTC attacks. The 
grounding of all aircraft also created a financial impact, as the clearing of checks 
and the distribution of paper currency were hampered (Makinen, 2002, CRS-2). 

US airlines were already experiencing financial problems leading to the US 
Congress approving an aid package worth over $5 billion in short-term assistance 
and $10 billion loan guarantees. The insurance industry experienced a loss of an 
estimated $40 billion, and while the insurance industries had the capital to cover 
the costs at the time, they may not be able to if devastating attacks continue. The 
impacts of 9/11 on the agriculture and food industry were minor setbacks in the 
commodities market; however, the subsequent Anthrax attacks resulted in the pas- 
sage of new laws to reduce the industries vulnerability to bioterrorism. Also, nearly 
1800 businesses were disrupted, relocated, or destroyed as a result of the attacks, 
and 462 mass layoffs displaced 130,000 employees. In New York City (NYC), the 
destruction of the WTC towers and nearby businesses had a major impact on the 
Gross City Product (GCP) of NYC, reducing the GCP by approximately 27.3 
billion and tax losses as a result of the attacks, reducing city tax revenues by over 
$2 billion in fiscal 2002 and another $1 billion in fiscal 2003 (Makinen, 2002, 
CRS-5 and 6). In addition to appropriate responses to terrorist or criminal attacks, 
those charged with protecting aviation must ensure that strategies and technologies 
remain current and viable for defending against new threats. Security practitioners 
employing outdated strategies and tactics create opportunities for terrorists to use 
these systems to their advantage. For instance, the 9/11 attacks showed ingenuity 
and were organized using modern technologies (eg, the Internet) to defeat what was 
essentially at the time, a 1970s aviation security system. 

Flawed management in designing and implementing modern security systems 
can also create opportunity for criminals or terrorists. For example, industry is 
responding to terrorism by investing billions of dollars in research and 
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development for improved explosives detection equipment. Of concern is that 
much of this technology has not undergone extensive testing before deployment. 
Although technologies used in various explosives detection equipment! are mostly 
valid, the mean time before failure (MTBF) for these technologies is often low 
when used in a non-airport environment. As an example, the deployment of the 
thermal desorption unit proved to be ineffective when the units were not resilient 
enough to handle the airport environment. Many early-model explosive detection 
devices were not designed or tested to sustain the day-to-day usage at commercial 
service airport screening checkpoints. The industry is still catching up in develop- 
ing other security strategies, such as employee security awareness and passenger 
profiling—strategies that other nations have used since the 1980s—and, perhaps 
most critically, the ability of our intelligence agencies to penetrate groups that 
represent credible threats. The increased focus on tracking and either arresting or 
eliminating known threats, such as the attack on and subsequent death of Osama 
bin Laden and Anwar al-Awlaki, have weakened one of aviation’s primary ene- 
mies, al-Qaeda, but others, such as ISIS/ISIL have taken their place. 

In response to the challenges in aviation security, the US National 9/11 
Commission on Terrorist Attacks upon the United States (the 9/11 Commission)” 
and other security and policy experts developed and recommended strategies that 
should be effectively and efficiently implemented. However, implementing new 
aviation security methods has traditionally been reactive rather than proactive. 
Those charged with protecting the aviation industry must adopt a philosophy of 
sustained proactive improvement. Therefore, aviation security practitioners must 
not stop moving forward in implementing proactive forms of security—our foes 
are committed to their cause and we must be exceedingly committed to ours, but 
we must also not ignore existing and successful strategies to attack aviation, or 
else terrorists and criminals will continue to exploit identified weaknesses until 
the method of attack is no longer successful. 

Although time is of the essence in commerce, it is critical in the aviation 
industry. Passengers must travel safely and efficiently. However, reasonable com- 
promises must be made for the system to continue functioning. A terrorist attack 
may be devastating and certainly tragic. Nevertheless, it would be even more 
tragic to allow such an attack to cause further economic and social damage by 
impeding global aviation. Resiliency: the ability of a security system to appropri- 
ately respond and quickly recover is a fundamental principle in planning and 
managing aviation security systems. 





‘For example, a gas chromatograph or a programmed thermal desorption unit. 

?The 9/11 Commission was “an independent, bipartisan commission created by congressional legis- 
lation and the signature of President George W. Bush in late 2002. It was ‘chartered to prepare a 
full and complete account of the circumstances surrounding the September 11, 2001, terrorist 
attacks, including preparedness for and the immediate response to the attacks’. The Commission is 
also mandated to provide recommendations designed to guard against future attacks” (see 
www.9-1lcommission.goy). 
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FIGURE 1.2 





Aviation security embraces the protection of passengers, airports, airlines, and the 
national aviation system. 


As discussed, aviation is vital to the survival and growth of the world’s 
economy (Fig. 1.2). Aviation is also a symbol of prosperity and stability among 
societies. An essential responsibility of those charged with protecting aviation is 
to balance responses to threats with the requirement to facilitate safe, secure, and 
efficient transportation of passengers. 


AVIATION ECONOMICS 


Airports are the closest object to a time portal to the rest of the world. Walking, 
driving, or moving by rail can take days or weeks, to cover the distances that avi- 
ation covers in hours. US air carriers transport an estimated 800 million passen- 
gers and over 61 billion tons of freight every year. Expenditures from passenger 
spending during air travel are estimated at over $260 million annually, and civil 
aircraft manufacturing continues to be the top net exporter in the United States 
with a positive trade balance of $54 billion (FAA, 2014, p. 4). According to a 
study by the Federal Aviation Administration (FAA), civil aviation accounts for 
$1.5 trillion in total economic activity, supports 11.8 million jobs, and contributes 
to 5.4% of the nation’s Gross Domestic Product (FAA, 2014, p. 5). 


Aviation Economics 


Aviation’s economic effect is not only to the industry itself. While primary 
impacts of aviation include air transportation and supporting services, travel and 
other trip-related expenditures by passengers, secondary impacts include the 
results of expenditures to supporting businesses and entities, and the spending by 
direct and indirect (hotel, restaurant, ground transportation, etc.) employees 
(FAA, 2014, p. 8). Commercial aviation accounts for the majority of civil avia- 
tion’s economic contribution, with operations generating $373 billion in total 
output (as calculated by earnings, output—the value of goods and services 
produced, and jobs that are directly or indirectly related to the industry). When 
airline passengers reach their destinations, they spend money to the tune of over 
$671 billion on hotels, rental cars, and entertainment. 

Despite the setbacks on 9/11, the airline industry is growing at nearly double 
the growth rate of the US economy (FAA, 2014, p. 14). In several measurable 
categories, including output, earnings, and job growth, aviation continues to grow 
in both the commercial aviation and GA sectors (FAA, 2014, p. 14). The intro- 
duction of commercial space and commercial, government, and recreational drone 
operations is likely to continue to increase these numbers. 

GA aircraft operations account for nearly $79 billion in total annual output 
(FAA, 2014, p. 8), just from an operational perspective that does not including 
multiplier and other factors. Taking into account induced activity, GA generates 
more than $150 billion in economic activity on an annual basis and employs 
more than 1.2 million people (General Aviation Manufacturers Association, 
2013). Sixty-five percent of all GA flights are conducted for business or personal 
services that the airlines cannot offer in terms of flexibility, services, and access. 
Commercial airlines are restricted to the estimated 450 commercial service air- 
ports in the United States, with the majority of flights going to only 70 major air- 
ports (National Business Aviation Association, 2014), whereas GA can access the 
slightly more than 5000 GA airports, not to mention additional airports through- 
out the world (Aircraft Owners and Pilots Association, n.d.). 

The United States is geographically (and socially) oriented to rely on air 
travel. Unlike many countries with well-organized systems that enable efficient 
travel internally and internationally by rail (and thus have less of a need for air 
travel), the United States has no national high-speed railway system. 
Additionally, the United States shares borders with Canada and Mexico only, fur- 
ther limiting opportunities for international commerce by land. As a result, the 
United States relies on air travel to enable commerce with the rest of the world. 

Although most of the world’s freight still moves via sea, the demand of just- 
in-time goods delivery is increasing. The primary advantages of just-in-time 
shipping are that it allows for shorter production and development cycles and 
eliminates excessive inventory. Aviation is the primary means for economic 
growth with a significant influence on the quality of life of populations around 
the globe, often bringing food and relief, such as medical supplies and equip- 
ment to rebuild after disasters or other tragedies. Aviation facilitates the world 
economy and promotes the international exchange of people, products, 
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investment, and ideas. Indeed, to a large extent, civil aviation has enabled small 
community and rural populations to enter the mainstream of global commerce 
by linking such communities with worldwide population, manufacturing, and 
cultural centers. 

The impact of 9/11 on the aviation industry was devastating. Overall, the avia- 
tion industry experienced direct losses of $330 million per day (Kumar et al., 
2003). In addition to the direct loss of revenue, airlines and airports had to bear 
an increased cost of doing business to meet government-mandated security 
improvements. The costs to airports of purchasing new security technology and 
reconfiguring terminals to accept the larger security screening devices have 
caused airport operators to shift money from other airport capital improvement 
projects, such as runway and taxiway maintenance and expansion, to security 
measures. Additionally, airport operators lost revenue-producing space to accom- 
modate new Transportation Security Administration (TSA) equipment and person- 
nel, and with the deployment of advanced imaging technology, the so-called 
“body imagers,” airports have had to sacrifice even more space to make way for 
larger equipment and longer passenger screening lines. 

The national airspace system is both economically and operationally fragile. A 
delay of 10 minutes can cost the airport and airlines significant money. Gate 
assignments at airports are often scheduled back to back, meaning that if one 
flight does not depart on time, the next flight will probably also depart late. This 
domino effect influences many operational considerations. 

Airline flight delays significantly encumber the US air travel system and cost 
the airlines, passengers, and society billions of dollars each year. In 1 year alone, 
2007, delays cost the airlines $8.3 billion dollars (increased expenses for fuel, crew, 
and maintenance); delays cost passengers $16.7 billion dollars from lost time due 
to delayed flights, cancellations, and missed connections, and the costs from lost 
demang? was calculated at $3.9 billion dollars, for a total of $32.9 billion in costs 
due to delays (Ball et al., 2010, p. vii). Weather and air-traffic-related delays are 
responsible for many flight delays, along with aircraft delayed due to having 
to wait for previously delayed aircraft (Ball et al., 2010, p. 1). However, while 
weather can be predicted to a certain extent, giving airlines enough time to 
reposition flights away from the storm, and rebook passengers in anticipation of 
delays and cancellations, and many air traffic delays currently in the system are 
supposed to improve with the integration of the Next Generation of Air 
Traffic Control (NextGen), a delay due to a security issue, by comparison, has a 
significant impact on the system. Security-related delays such as bomb threats, 
unruly passengers, or the massive shut down of the US aviation system on 9/11 can 
send costs into the billons and have ripple effects throughout the system that can 
last for days or weeks. 

Commercial aviation is composed of a myriad of coupled systems (Fig. 1.3). 
When one part is affected, it forces change in many of the other systems. When 





3Lost demand is an estimated cost associated with passengers who avoid air travel due to delays. 
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FIGURE 1.3 





Dozens of aircraft are stranded in Halifax, Nova Scotia, during the shutdown of the US 
aviation system on 9/11. 


airport flight operations shut down because of weather or aircraft have to be 
rerouted around bad weather, the entire national airspace system is impacted. 
When compared to criminal activity or terrorism, weather is relatively 
predictable and airport operators know how to adjust operations for the kinds of 
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weather in their region. More important, weather (with few exceptions) does not 
generally destroy essential components of the airport and scare the public from 
travel, as tends to happen with a terrorist attack. 

The importance of protecting aviation as a driver of the global economy is clear. 
However, the various systems used to protect aviation can impede aviation’ s efficien- 
cies. Security managers must balance their efforts to protect lives and infrastructure 
with policies and methods that enable aviation to provide commerce with efficient 
and reliable service. The goal in aviation security is to make security fit into aviation, 
not aviation fit into security. Efforts to change aviation operational practices to 
improve security effectiveness result in reducing the benefits of aviation. 


AVIATION SECURITY FUNDING 


A significant issue in aviation security is a reliable source to fund the elements of 
the system that must be implemented to consistently protect the system, while 
continually seeking additional funds to stop developing threats. The International 
Civil Aviation Organization (ICAO; see www.icao.int) recommends a reliable 
and consistent stream of monies to fund aviation security improvements and 
operations worldwide. In the United States, most commercial service airports 
receive revenue from multiple sources as outlined previously, and part of these 
monies fund aviation security at airports. 

US airports spend billions of dollars to implement new security regulations. 
Airport operators have also had Airport Improvement Program (AIP) funding, 
usually earmarked for runway and facility improvements and upkeep, redirected 
toward security projects. This financial burden creates a situation where airport 
operators must sometimes decide between safety- or security-related projects. 
Local FAA airport district offices (ADOs) play a critical role in deciding which 
airports in each state are allocated federal funding. Some airports receive money 
through entitlement programs that designate specific funding regardless of capital 
improvement needs, and an airport listed in the National Plan of Integrated 
Airport Systems (NPIASs) is eligible for federal discretionary funding, an appro- 
priation of federal dollars based on the discretion of the ADO. A complex plan- 
ning process precedes the apportionment of discretionary monies, often involving 
airport operators, the state, the federal government, and the FAA. Since the FAA 
is now effectively out of the security business, but still controls the AIP revenue 
stream, some airport operators have complained that money is less available for 
security-related projects than for safety and airport development. The TSA does 
not have a federal apportionment through a trust fund, the way the FAA does, to 
provide money to airports for security improvements and technologies. Airport 
operators who use AIP funds have to balance the costs of security upgrades with 
other, capital-improvement projects that are often necessary for airfield safety and 
critical maintenance issues. 


Aircraft Operations: An Overview 


Many airports also receive capital monies through their state aviation offices, 
which may collect a percentage of receipts on aviation fuel sold within the state. 
State aviation/aeronautical offices work with the airports to coordinate 5- or 
6-year capital improvement programs and then decide which airports in the state 
should receive the funds (in addition to federal AIP funding). Some states partici- 
pate in the Code of Federal Regulations (CFR) Part 156 State Block Grant Program 
(see http://edocket.access.gpo.gov/cfr_2003/pdt/14cfr156.3.pdf). The Block Grant 
Program states have the sole responsibility for deciding the distribution of federal 
funds for improvement projects at GA and nonprimary (ie, very small) commercial 
service airports. 

An important issue for airport operators has been the acquisition of explosive 
detection equipment and other federally mandated security upgrades. When a new 
explosive detection system (EDS) machine is installed for checked-baggage screen- 
ing, the unit cost of the machine is not the only cost incurred. Facilities must often be 
redesigned to accommodate the additional weight and space of new detection equip- 
ment, and power requirements must be considered along with MTBF maintenance 
requirements. Since the initial deployment of these machines in the years following 
9/11, airport operators are experiencing an entirely new dynamic as the machines are 
reaching their maximum effective operating life and must be replaced. 

Aircraft operators have also been affected by aviation security mandates. For 
example, the required reinforcement of cockpit doors not only increases costs but 
also adds weight to the plane, thereby reducing the capacity for revenue-generating 
cargo and passengers. As a result, funding for aviation security requirements is now 
a significant part of airport and airline operating and capital budgets. 


AIRCRAFT OPERATIONS: AN OVERVIEW 


Aircraft operations encompass a wide range of flying categories—from personal 
travel and military flight to scheduled commercial airlines. An airline’s purpose is 
to move people and goods from one place to another, safely and securely, while 
still making a profit. Airlines carry people, mail, and cargo and are essential to 
the US economy. Airlines also offer a variety of services, including private char- 
ter operations, carrying sports teams and rock stars (Fig. 1.4). 

Aircraft operations are generally classified as commercial service, GA, or mil- 
itary operations. Regardless of the aircraft type, all aircraft may be used for each 
of these types of operations. The Boeing 737, for example, though most fre- 
quently used commercially for airlines, is also used by the military to train navi- 
gators, as well as by the private sector as a business jet. If aircraft are used in a 
commercial capacity for the transportation of passengers and cargo for pay, these 
operations are commonly referred to as commercial aviation. 

Individuals or companies can use an aircraft owned by the company or rent an 
aircraft to facilitate business. For example, a salesperson may use his or her 
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FIGURE 1.4 





A Ted B757 at the Las Vegas McCarron International Airport, one of the busiest airports in 
the world. 


privately owned airplane to service accounts. These types of operations are GA. 
However, if the salesperson takes a passenger and charges a fee, it is now com- 
mercial aviation even though both operations use the same aircraft. These brief 
examples should highlight that an aircraft operation is determined by how an air- 
craft is used, not by the appearance or design of the aircraft. 

Fig. 1.5 shows three aircraft—a Cessna 182 (foreground) used in flight train- 
ing, a Cessna Citation used for business travel and charter operations, and a 
Boeing Business Jet (BBJ) used for private transportation by large corporations. 
The BBJ design is based on the Boeing 737 airframe and can easily be confused 
as a commercial airliner. It is not always possible through visual examination to 
determine whether an aircraft is being used for private transportation, as part of a 
public charter, or in commercial transportation. It is important to understand how 
an aircraft is being used, as various security measures are applied depending on 
the type of flight operation conducted. 

Commercial service operations involve using aircraft to generate a profit. 
These are subclassified into scheduled service (the most common being airline 
operations) and public and private charter flights. Scheduled aircraft operations 
are similar to scheduled bus or train services; a person pays to occupy space or a 
seat for the purpose of transportation and schedules are published so the public 
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FIGURE 1.5 


Cessna 182, Cessna Citation, and BBJ, each representing different types of aircraft used 
in general and commercial aviation, at Rocky Mountain Metropolitan Airport, CO, 2006. 





can select which schedule most accommodates their needs. The company (an air- 
craft operator) provides the scheduled service to make a profit. In comparison, 
public charter also seeks a profit by offering transportation to the client, but 
departure and arrival times vary and are often based on client needs and the avail- 
ability and capability of the aircraft. Public charters are often conducted using a 
scheduled-service air-carrier aircraft, which is leased to a private entity, such as a 
travel destination company. Passengers pay the travel or resort company a fee for 
the entire vacation package, of which the airfare is included, but the aircraft is 
not owned by the travel company. Private charter is analogous to renting a lim- 
ousine in that the customer has purchased the exclusive use of the entire vehicle. 
In private charter, the purchaser pays for the right to his or her own transporta- 
tion, to bring additional passengers or cargo, and to decide on the departure or 
arrival times. 

Private operations are part of GA and may involve using an aircraft person- 
ally or as part of a business enterprise. In GA operations, aircraft are not directly 
used to generate profit but may enhance business opportunity as an efficient form 
of transportation. GA operations also include flight training, agricultural flying, 
soaring, experimental aircraft, and recreational flying—to name a few. 
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Military operations use aircraft to meet various needs specified by national 
governments. Military aircraft do not usually facilitate public or business trans- 
portation or generate profit, however, military aircraft frequently operate from 
commercial airports. In the following sections, we will focus on the most well- 
known type of aircraft operation: the commercial airline. 


AIRLINE MANAGEMENT 


Airline organizational structures vary depending on the size and history of the air- 
line, its route structure (domestic or international), and the type of aircraft 
(regional or long haul). Air carriers are profit-making organizations typically 
owned by stockholders. The stockholders elect a board of directors, which desig- 
nates a chairperson and outlines the goals and objectives for the airline. The board 
hires an administrative manager, a president, responsible for setting major policies 
and ultimately for the airline’s success (Kane, 1998). 

Within top-level airline management is the aircraft operator security coordi- 
nator (AOSC) who is the airline’s key contact with the US TSA, the US Federal 
Bureau of Investigation (FBI), and other federal agencies. The AOSC oversees 
the implementation of security practices throughout the airline. Commercial ser- 
vice operators are regulated under US Transportation Security Regulations (TSRs; 
Title 49 CFR Part 1544).* US airlines must also adhere to the requirements in the 
Aircraft Operator Standard Security Program, a federally drafted document that 
outlines the practices airlines must follow to adhere to federal regulations. 

An airline operations department is essential for managing effectiveness and 
efficiency. The operations department is responsible for delivering service to 
those demanding transportation or shipment of cargo. Within operations are the 
flight and ground operations departments. Flight and ground operations interact 
with the AOSC daily. The flight operations department is responsible for air 
carrier fleet safety, security, and efficiency. Flight operations consist of pilots, 
flight attendants, and dispatchers. Pilots directly operate the aircraft, whereas 
flight attendants provide essential safety and customer services on board the air- 
craft. Dispatchers generate the data needed before the flight, including weight 
and balance, weather, and safety and security information, and communicate 
with the pilots on company communication channels in flight. The ground 
operations department is responsible for maintenance and servicing of the air- 
craft. Through the ground operations department, the airline’s ground security 
coordinators work with the flight department to disseminate pertinent security 
information. 





‘The TSA issues and administers TSRs, codified in Title 49 of the CFR, Chapter XII, parts 
1500—1699. 


Airline Economics 


AIRLINE ECONOMICS 


Throughout the 1990s and into the 2000s, airlines operated on minimal profit 
margins, averaging from 1% to 2% compared to a US industry average of 5% 
(Kane, 1998, p. 413).° Airline revenues are seasonal, with most air travel occur- 
ring in the summer. Although more than 60% of air travelers fly for personal rea- 
sons, the majority of passenger revenue for many airlines comes from the 26% of 
those who are frequent business travelers. The number of airline operations also 
fluctuates throughout the day, with most travelers flying before 10:00 am or after 
4:00 pm. The nature of passenger flow through an airport, based on time of day 
and time of year, relates directly to staffing security personnel and deploying 
required security-related equipment (Kane, 1998). However, the International Air 
Transport Association (IATA), a trade group for the airline industry, reported in 
2015 that the industry would achieve a 4.0% profit margin, attributing the 
increase to a stronger global economy, record load factors, lower fuel prices and 
an appreciation of the US dollar (ATA, 2016). Despite the fact that US airline 
collected $6.16 billion in bag and reservation change fees in 2013 (Hetter, 2014), 
it still does not add up to more than an average profit of $8.27 for every passen- 
ger that boards a flight (Adamczyk, 2015). 

The US airline industry has high capital and labor costs. Most airline equip- 
ment is financed through loans or stock rather than purchased. Airlines must gen- 
erate a high cash flow to repay debt, buy fuel, service aircraft lease payments, 
and perform other operating expenses. More than a third of an airline’s revenue is 
allocated to labor, with many airline workers unionized. As such, labor costs are 
among the highest of any industry. Airlines employ many highly specialized per- 
sonnel including (Kane, 1998): 


. Pilots 

. Flight attendants 

. Reservation, ticket, gate, and cargo agents 
. Security personnel 

Cooks 

Administrative assistants 

. Revenue planners 

. Schedulers and dispatchers 
. Accountants 

10. Lawyers 

11. Human resource managers 
12. Aircraft cleaners 

13. Baggage handlers 


ONDIMRUTAWN— 





°For a complete description of the financial measurements used in airline operations, see Kane 
(1998). 
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Airline bankruptcies are common. Airline profitability is often evaluated by the 
load factor, which is derived by dividing the number of seats generating revenue by 
the airline’s available seats. On average, an airline needs to fill 70—80%° of its avail- 
able seats on each flight (depending on the airline’s particular expense structure) to 
generate a profit on that trip. The difference of just one or two seats filled by paying 
customers can be critical to an airline’s ability to make a profit on a flight. 

The cost of moving a passenger from point A to point B is often determined 
by calculating the cost per revenue seat mile. The cost per revenue seat mile 
represents the average cost to fly one full-fare-paying passenger occupying one 
seat a distance of one mile. For the “legacy carriers”’ (eg, United Airlines, Delta, 
American Airlines, US Airways), this could be $0.10—0.14 per seat mile. In com- 
parison, the costs for low-cost or discount air carriers (eg, Frontier Airlines, 
Southwest Airlines) range slightly less per seat mile. Factors contributing to high- 
er costs include employee salaries, pensions, maintenance, in-flight food, airline 
ticket taxes, and the cost of aviation fuel. An example of an airline cost factor 
related to security is a fee commercial-airline passengers pay as mandated in the 
Aviation and Transportation Security Act of 2001 (ATSA, 2001). 

Airline cost structures are complex. Each airline monitors the rates of its com- 
petitors. When an airline increases its rates, other airlines may not increase theirs. 
By not responding with a rate increase, these airlines wait to see if the competing 
airline will lose profitability by increasing its fares, as there is usually an inverse 
correlation between airline ticket prices and passenger load factors. For example, 
if the cost of jet fuel increases and an airline raises its fares to compensate, other 
airline revenue managers may keep fares low (even with the same increased 
costs) in the hope that their own airlines will see higher load factors to make up 
for the higher fuel costs (Kane, 1998). 

In relation to aviation security, if airlines raise fares to cover costs associated 
with new security requirements, then passenger load factors may also decrease. 
Because of small profit margins, the airline industry is watchful of security practices 
that may increase costs. In an attempt to help mitigate the impact of security con- 
cerns on cost, the ATSA 2001 created the Registered Traveler Program, designed to 
accommodate frequent airline travelers (usually business travelers) with a personal 
identity system, enabling those passengers rapid passage through airport screening. 

The airline industry is sensitive to the fluctuations of the national economy. 
When the national economy declines, both business and leisure travel drop. This 
impact was discussed at an aviation security conference hosted by the American 
Association of Airport Executives (AAAE) (Fig. 1.6) in December 2001. At the 





These figures are dynamic, especially during periods of rapidly escalating fuel prices. 

Legacy carriers are commonly described as large airlines operating out of hub-and-spoke airports. 
A hub-and-spoke airport is usually a large airport that serves as a connecting hub for indirect flights 
to smaller airports. 

8With the cost of fuel spiking to record levels in 2008, airlines have had to heavily revise their cost 
structures to make up for the added fuel expense. 


Airline Economics 





FIGURE 1.6 


Logo of the AAAE, the nation’s largest airport management trade association. 


conference, some participants warned that future attacks on aviation could trigger 
a “mode shift” to increased videoconferencing and online meetings. This shift in 
demand would affect not only airlines but hotel operators, rental car agencies, and 
airport financial models. 

Functions within an airline have a tremendous interdependence; all depart- 
ments are interrelated. When one component is impacted, the effects reverberate 
throughout the organization. For instance, when a flight is canceled or signifi- 
cantly delayed because of a bomb threat, many of the other flights for that airline 
are also affected. If flights were delayed or canceled each time a threat was issued 
(eg, phone or social media such as Twitter), one individual could call or Tweet 
several airlines and shut down the US aviation system. For this reason, bomb 
threats are vetted as thoroughly as possible before canceling or delaying a flight. 

The national aviation airline route system is also highly sensitive—flight delays 
of just a few minutes can resound across the nation, multiplying the delay time for 
subsequent flights and even causing cancellations. Weather delays and temporary 
airport closures caused by security breaches can trigger the cancellation of dozens 
and sometimes hundreds of flights. A security breach at an airport can also have an 
economic impact by disrupting aviation operations. Approximately 40 million pas- 
sengers a year pass through Denver International Airport (DIA). If an individual 
accidentally (without criminal intent) breaches security by entering a concourse 
without proper screening, the airport must temporarily close while the concourse is 
evacuated. In such a case, it takes security and other airport and airline personnel 
around 2 hours to conduct a re-sterilization procedure, which encompasses a search 
for the individual breaching security and any prohibited items he or she may have 
brought into secure areas. A major impact of a security breach is rerouting inbound 
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aircraft. This backs up aircraft movements across the country and may even affect 
inbound international flights. If an airport cannot accept an aircraft because of a 
security breach, the plane is held on the ground at its departure airport, slowed 
down en route, or placed into a costly holding pattern. During a breach, outbound 
aircraft are grounded and often evacuated and searched. 

Approximately 800 commercial aircraft depart from DIA every day, and the 
average cost of a one-way flight is approximated at about $12,600 (depending on 
numerous variables—some costs can be as high as $23,000 or more for an inter- 
continental flight, or lower for regional aircraft operations). This cost represents 
the total average cost for the airline to fly an airplane from departure to destina- 
tion. Using these numbers, the economic impact of a breach in security can be 
shown in the following example. A security breach occurs at noon, and concourse 
evacuation and resterilization begins. At least 390 flights are already affected, 
placing more than $4.9 million of revenue at risk. Assuming successful resterili- 
zation and the perpetrator is either found or the Federal Security Director 
determines there is no risk to reopening the airport, all flights resume with at least 
a 2-hour delay. If only half the original flights are canceled, the airport recognizes 
a net loss of $2.5 million. Across the United States, other airports are affected. 
By 5:00 pm, an additional 200 flights out of Chicago are affected, and by 9:00 pm, 
800 total flights across the United States are affected. 

Resterilization procedures result in long security screening lines, upset travelers, 
and lost revenue. There is also a loss of productivity as airport and airline personnel 
are called away from their primary job duties to assist in the resterilization process. 
Of course, the airlines lose significant revenue when security breaches occur. 


AIRPORTS: AN OVERVIEW 


Excluding military airports, approximately 20,000 GA, private, and commercial 
service airports operate in the United States. About 420 of these airports are clas- 
sified by the FAA as commercial service but also host GA operations. Nearly 
6000 airports are GA airports with approximately 300 of those hosting occasional 
small commercial service operations (Fig. 1.7). The remaining 11,000-plus air- 
ports are private airstrips scattered throughout the United States. 

Airports support and provide a conduit to transportation. They also serve soci- 
ety in other ways. Sam Hoerter (2001), author of The Airport Management 
Primer, describes an airport as: 


... @ place where federal airspace and local roadways intersect. Think of it as 
a place where public infrastructure and private investment intersect. Think of 
an airport as a place where buyers and sellers meet in an open and ever- 
changing marketplace. In other words, think of it as a place forever caught 
between different worlds. Consequently, airport management requires a contin- 
uous effort to seek a balance among many competing forces. (p. 9) 
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FIGURE 1.7 


Approximate proportions of commercial service, GA, and private airports within the United 
States. 


Hub Type: Percentage of Annual 


: Common Name 
Passenger Boardings 


Airport Classifications 






































Large: Large Hub 
Commercial 1% or more 
Service: Primary: Medium: 
Publicly owned | Have more than At least 0.25% Medium Hub 
that a 10.000 A e 
2500 passenger Small: 
passender boardings At least 0.05% Small Hub 
boardings Ee but less than 0.25% 
each calendar S410211) Nonhub: 

year and More than 10,000 Nonhub Primary 
receive scheduled but less than 0.05% 
passenger service 

47102(7 Nonhub: : 
SAren) Nonprimary At least 2500 c Nonpr cad 
and no more than 10,000 SE Ia eae 
Nonprimary ; Reliever 
(Except Commercial Service) Not Applicable §47102(18) 
FIGURE 1.8 
Airport categories. 
From FAA. 


Adding to the challenges for airports, as described by Hoerter (2001), is that 
airports must also operate safely and in a secure manner, while seeking to main- 
tain balance between serving as a place to conduct commerce and public transpor- 
tation and also complying with federal regulations. 

The FAA classifies airports by categories of activities (Fig. 1.8). 
Commercial service airports have at least 2500 enplanements (passenger 
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boardings) per year. Commercial service airports may be primary or nonprim- 
ary. Primary commercial service airports have more than 10,000 annual enpla- 
nements. Nonprimary airports have at least 2500 but fewer than 10,000 
enplanements. Cargo service airports host aircraft with a yearly average landed 
weight of more than 100 million pounds. Airports can operate both as commer- 
cial service and as cargo airports. 

Reliever airports are GA airports designated by the FAA to relieve congestion 
at commercial service airports. These often serve as an outlet for GA traffic to 
avoid the congestion of the commercial service facility. Approximately 13,000 
airports are GA and they constitute the largest subcategory of airports in the 
United States. They can be public or privately owned and operated and can have 
up to 2500 annual commercial service enplanements without being classified as a 
commercial service airport. 

Commercial service airports are further classified by hub status.” Large-hub 
airports account for about 70% of the total annual passenger enplanements 
within the United States. Large-hub airports include Hartsfield—Jackson Atlanta 
International, Chicago O’Hare International, Los Angeles International, Dallas/ 
Fort Worth International, and Denver International. There were 29 large-hub air- 
ports in the United States in 2010. Metropolitan Oakland International, 
Pittsburgh International, Portland International, Lambert—St. Louis 
International, and Cleveland Hopkins International airports are examples of 
medium-hub airports (37 in 2010). Small-hub airports (72 in 2010) include 
Louisville International (Kentucky), Will Rogers Field (Oklahoma), El Paso 
International (Texas), and Albany International (New York). Nonhub (nonprim- 
ary) airports make up the largest number of commercial service airports, totaling 
244 in 2010. These include airports such as Mahlon Sweet Field (Oregon), Fort 
Wayne International (Indiana), Joe Foss Field (South Dakota), and Juneau 
International (Alaska) airports. An additional 121 airports are classified as non- 
hub airports servicing small numbers of commercial traffic at the rate of fewer 
than 2500 enplanements per year. Nonhub airports are predominantly GA opera- 
tions (Table 1.1). 

Civilian, commercial service airports may also be colocated with military 
airport facilities. Military airport facilities are not regulated by Federal 
Aviation Regulations (FARs; US 14 CFR Part 1-199) or TSRs (US Title 49 of 
the CFR, Chapter XII, Parts 1500—1699). Civilian airport operators with joint 
military operations must geographically separate the civilian and military 
areas. For example, Colorado Springs Regional Airport is located on the south 
side of its primary runway and shares the runway with Peterson Air Force 
Base, which is located on the north side of the airfield (Fig. 1.9). The areas 
are separated by the runway and by lines of demarcation painted on perimeter 
access roads. 





°A hub is an airport with a high frequency of arriving and departing flights along with a relatively 
high rate of connecting traffic. 
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Table 1.1 Enplanements by Hub Type for 2000 





Number % of US 

Airport Type of Airports Enplanements Examples 

Large Hub (>1.0% of all 29 68.0% Sea-Tac, Denver, 

enplanements) Salt Lake City, LAX, 
DFW, Atlanta, etc. 

Medium Hub (0.25—1.0% | 37 20.0% Portland, Anchorage, 

of all enplanements) Reno, Cleveland, etc. 

Small Hub (0.05—0.25% 72 8.0% Colorado Springs, 

of all enplanements) Billings, Boise, and 
Spokane 

Nonhub (>10,000 244 3.0% Aspen, St. George, 

enplanements, Cheyenne, Kalispell, 

but <0.05% of all and Hailey 
enplanements) 

Nonprimary Commercial 121 0.1% Pueblo, Moab, 

Service (>2500 Pendleton, 

enplanements and Eastsound, etc. 

scheduled service) 

Relievers (>100 based 269 0.0% Centennial, South 

aircraft or 25,000 annual Valley Regional, Paine 

itinerant operations — other Field, etc. 

criteria apply as well) 

GA 2560 0.0% Aurora State, 
Arlington Municipal, 
and Nampa Municipal 

Existing NPIAS airports 3332 99.1% 





Users of GA airports can include an eclectic mix of small training aircraft, 
experimental home-built planes, sailplane operations, helicopters, skydiving 
operations, and business jet air traffic. As mentioned, some GA airports host lim- 
ited commercial service operations. These small airline operations are usually 
characterized by seasonal or periodic flights rather than daily scheduled service. 
Many GA airports are small, single-runway facilities, whereas others equal the 
size of large commercial aviation airports with multiple runways, hundreds of 
thousands of annual operations, and large jet aircraft. 

Of the approximate 13,000 GA airports, about 3000 are part of the NPIAS 
(see www.faa.gov/airports_airtraffic/airports/planning_capacity/npias). NPIAS 
airports are designated as vital to the national airspace system and thus eligible 
for federal funding for airport safety, capital improvements, and security 
projects. 

Private entities or individuals own, construct, and maintain private airports. 
Use of a private airport is generally restricted to the owner or those granted per- 
mission by the owner. However, in the United States, any aircraft in an emer- 
gency may use any airport, including private airports. 
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FIGURE 1.9 





Peterson Air Force Base in Colorado Springs shares runways with the Colorado Springs 
Municipal Airport. 


Title 14 CFR Part 139 Certification of Airports assigns a different classifica- 
tion for commercial service airports for the purpose of compliance with the 
Airport Certification Manual (ACM; see www.faa.gov/airports_airtraffic/airports/ 
airport_safety/part139_cert/media/sample_ACM.pdf). The ACM outlines how the 
airport will comply with FARs to operate safely without specifically addressing 
security concerns. Under FAR Part 139, there are four classifications of commer- 
cial service airports: class I airports encompass most large-, medium-, and small- 
hub airports; class II airports encompass small scheduled service and large charter 
operations; class II] airports encompass small scheduled service operations only; 
and class IV airports encompass large charter operations. 

Security classifications for airports are established by the TSA and fall into three 
types: complete, supporting, and partial. The type of security program required at a 
particular commercial service airport depends on factors such as the scope of the 
airport’s operation, the geography (ie, the airport is located near other critical infra- 
structure), the opinion of the TSA, and geopolitical circumstances. Complete security 
programs are generally required for large-, medium-, and small-hub airports. 
Supporting and partial security programs are generally required for nonhub airports. 





Airport Ownership and Operation 


AIRPORT OWNERSHIP AND OPERATION 


Municipalities (eg, cities and counties) own and operate the majority of publicly 
available service airports in the United States. Exceptions to this form of owner- 
ship are Alaska, Hawaii, and Rhode Island, which own all the civil airports within 
their boundaries. 

A common misconception is that the FAA operates US airports, as many air- 
ports have an FAA air traffic control tower (ATCT). ATCTs are staffed by FAA 
employees and coordinate the movement of aircraft in and around the runway of an 
airport. However, the movement of aircraft and ground vehicles within the “move- 
ment area” of an airport is generally the extent of the FAA’s authority. The author- 
ity to close the airport, to open and close runways, and to manage other functions 
is generally under the purview of the airport owner or operator, which is usually a 
municipality or an appointed authority. The relationship between the airport owner 
or operator and the FAA at a particular airport is defined in a letter of agreement. 

City and county airports can be owned and managed through a variety of 
arrangements. A municipally operated airport is typically owned by a city or 
county and run as a department or division within the municipality’s organiza- 
tional structure by its employees (Wells and Young, 2004). In contrast, an airport 
may be operated by an airport authority, which is an entity created by state legis- 
lation, usually at the will of a city or county, and which acts as a separate govern- 
mental agency (Hoerter, 2001). The city or county retains airport ownership, but 
much of the management and planning decisions are turned over to the airport 
authority. According to Hoerter, airport authorities are the preferred method of 
ownership, because “the leadership is more focused on airport issues, the airport 
staff is less subject to political interference, and a metropolitan community can be 
better represented by the authority’s governing body” (2001, p. 12). 

Al Graser, during his tenure as general manager of John F. Kennedy 
International Airport and former chair of the AAAE Transportation Security Policy 
Committee, agrees with Hoerter’s viewpoint and adds to it a perspective related to 
security. Graser argues that airport directors working for an airport authority have 
the benefit of consistency, which gives them the ability to develop industry rela- 
tionships needed to work with the TSA and other government agencies, particularly 
regarding security issues. Graser also claims that airport directors working directly 
for a city or county often campaign with the mayor or county commissioners for 
reelection, because if political situations change, the airport director is likely out of 
a job (Al Graser, personal communication, Dec. 2005). 

Some airport authorities, such as the Los Angeles World Airports Authority 
(LAWAA), are responsible for entire aviation systems. The LAWAA oversees the 
management and operation of Los Angeles International Airport, Ontario 
International Airport, Van Nuys Regional Airport, and Palmdale Regional Airport. 

The port authority is another form of airport management structure. A port 
authority is a legally chartered institution, with management responsibility 
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often extending beyond aviation and into several transportation modes. 
For example, the Port Authority of New York and New Jersey (PANY&NJ) 
represents John F. Kennedy International, LaGuardia International, Newark 
Liberty International, Stewart International Airport and Teterboro (a GA 
airport), Downtown Manhattan Heliport, and the New York seaport complex. 
PANY&NJ also manages various tunnels, bridges, bus terminals, the commuter 
ferry system, the AirTrain, and the PATH Rapid-Transit System commuter rail 
for New York and New Jersey. 


AIRPORT SECURITY OPERATION 


Airport directors or managers oversee airport operations. Airport staffing includes 
operations personnel responsible for managing airfield safety inspections and 
emergency response to incidents including compliance with the ACM, mainte- 
nance personnel who ensure the airfield lighting systems and other essential 
buildings, fleets, and field systems are operational; administrative personnel man- 
aging the budget, accounting, human resources, and information technology func- 
tions; public relations and marketing personnel; planning and engineering 
personnel; and security and law enforcement personnel who ensure compliance 
with the Airport Security Program (ASP).'° A large airport may have hundreds or 
even thousands of employees. In contrast, only one individual may have manage- 
ment responsibility at a smaller GA airport. 

Commercial service airports fall under Title 14 CFR Part 139, which requires 
an airport to meet a variety of standards related to airfield safety inspections, 
emergency response, wildlife management, public protection, and others. Flight 
operations at a commercial service airport are regulated under a variety of differ- 
ent regulations depending on the nature of the flight operation (scheduled air car- 
rier, charter, private operation, etc.). Airports with 14 CFR Part 139 certificates 
are also required to adhere to Title 49 CFR Part 1542 Airport Security. 

Most GA airports do not have specific federal regulations covering safety and 
security procedures; however, flight operations regardless of their location are regu- 
lated from a security perspective.'' Three GA airports (College Park, Washington 
Executive/Hyde Field, and Potomac Airfield) have specific security regulations set 
forth by the federal government because of their proximity to Washington, DC. 
Some states have implemented their own regulations covering GA airports. 

For many GA airports, the FAA provides funding in the form of federal grants 
for capital improvement projects. The FAA requires the recipient airport (known 





10The ASP is a formalized plan required and approved by the TSA and used for implementing and 
managing security procedures at most US airports. 

Plight operations can be regulated under 14 CFR Parts 91, 121, 125, 127, or 135 and under Title 
49 TSR CFR Parts 1544, 1546, 1548, or 1550. 


Airport Ownership and Operation 


as a sponsor) to adhere to grant assurances. Grant assurances require the airport 
operator to adhere to certain safety standards and management policies (see www. 
faa.gov/airports_airtraffic/airports/aip/grant_assurances). However, the FAA has 
not normally provided funding to GA airports for security projects. 

Commercial service airport operators prepare an ACM to demonstrate how their 
airport will comply with Title 14 CFR Part 139. ASPs are drafted by commercial 
service airports to demonstrate how the airport will comply with Title 49 CFR Part 
1542. Aircraft operators have similar security programs (under Title 49 CFR Part 
1544) to demonstrate compliance with federal transportation regulations. 

At each commercial service airport, the airport security coordinator (ASC), 
who usually operates a security department or division, oversees compliance with 
federal regulations and maintains compliance with the ASP. ASCs are charged 
with conducting security exercises, providing fingerprint-based criminal-history 
record checks, issuing identification badges (commonly referred to as access 
media or credentials), ensuring adequate law enforcement is present to respond to 
incidents, and assisting the TSA, FBI, airlines, and airport tenants with security 
matters. 


AIRPORT FUNDING 


Airports are funded by a variety of sources depending on the type of airport. 
Hoerter explains: “An airport can operate as a stand-alone enterprise because its 
revenues and expenses are related in a businesslike context; therefore, logical user 
fees can be charged for services rendered” (2001, p. 13). Commercial service air- 
ports are funded by leasing gates and administrative space to the airlines and 
other tenants, charging landing fees, and collecting passenger facility charges 
(PFCs), parking fees, and a percentage of concession sales. GA airports are pri- 
marily funded by leasing space to tenants and through the collection of a percent- 
age of fuel sales. Understanding the revenue flows for an airport is important to 
planning and design decisions relating to security needs. Eliminating revenue- 
producing space to expand security checkpoints or include additional security 
equipment creates financial challenges for an airport, which must be offset with 
some other strategy. 

An important revenue stream to airport operators is the PFC. The PFC is a 
charge that is collected (through the airline ticket) at an airport with the fee 
going to the airport operator. PFC money can supplement AIP monies and is 
often used for airfield safety and security improvements. However, the airline 
industry has traditionally fought against the collection of PFCs or the raising 
of PFC fees (A4A, 2015). A 2015 Government Accountability Office (GAO) 
report found that increasing the PFC cap could marginally slow passenger 
growth and therefore the growth in revenues to the airport Trust Fund (GAO, 
2015). However, the GAO also noted that many passengers are not educated 
on reasons for PFC collection, and that depending on a variety of elements, 
an increased cap could reduce total revenues by 1%. Since 2000, PFCs have 
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been collected at the rate of $4.50 per passenger (lower than the current secu- 
rity fees collected by TSA), but airports have sought to raise the fee to $8.50. 
In an A4A poll conducted in 2015, survey respondents said they believe air- 
ports are already well funded and opposed another tax. However, PFC monies 
are considered a fee, not a tax, and go toward safety and security improve- 
ments, not to improve profitability for an airport, which are by and large 
government entities and strive to break-even. For commercial and GA air- 
ports, part of the annual capital improvement funding comes from the FAA’ s 
Aviation Trust Fund (ATF).'* The US Congress reviews and approves airport 
funding through the AIP every few years (see www.faa.gov/airports_airtraffic/ 
airports/aip). Additional funding is also derived through legislation for 
security programs and is generated by passenger fees. Several US airports 
receive funding from their city or county; however, the FAA generally 
encourages airports to be self-sufficient, generating enough of their own 
revenue to cover expenses. 


AGENCIES AND ORGANIZATIONS 
REGULATORY AGENCIES 


In the United States, the primary regulating agency for aircraft and airport opera- 
tions is the FAA, an administration of the US Department of Transportation. It 
oversees the management and enforcement of CFR Title 14 Aeronautics and 
Space, including the rules governing airport safety certification and air traffic 
control. 

Commercial service airports fall under 14 CFR Part 139 Certification of 
Airports. Part 139 requires an airport to meet a variety of standards, such as airfield 
safety inspections, emergency response, wildlife management, and public protec- 
tion. Flight operations at a commercial service airport are regulated under a variety 
of regulations depending on the nature of the flight operation. Airports operating 
under 14 CFR Part 139 Certificates'’ are also required to adhere to TSR Part 1542 
Airport Security (see www.tsa.gov/research/laws/regs/editorial_1785.shtm). 

Before 9/11, the FAA presided over the security regulations pertaining to 
airport and aircraft operations. After 9/11, this function transferred to the newly 
created US TSA. The TSA enforces the TSRs and is a division of the US 
Department of Homeland Security. 





The ATF was formally known as the FAA Airport and Airway Trust Fund and is designed to 
fund the nation’s aviation system through various taxes (see www.faa.gov/airports_airtraffic/ 
trust_fund). 

'3In general, 14 CFR Part 139 requires the FAA to issue airport operating certificates to airports 
that (1) serve scheduled and unscheduled air carrier aircraft with more than 30 seats, (2) serve 
scheduled air carrier operations in aircraft with more than 9 seats but fewer than 31 seats, or (3) the 
FAA administrator requires a certificate. 


Conclusions 


INDUSTRY TRADE ORGANIZATIONS 


Industry trade organizations play a significant role in influencing public aviation 
safety and security policies through lobbying efforts and various membership ser- 
vices. These organizations often provide training and research on issues related to 
aviation security. Aviation-related trade organizations include the Airlines for 
American (formerly known as the Air Transport Association; see www.airlines. 
org), which represents commercial airlines; the IATA, which represents airlines 
throughout the world; the AAAE (see www.aaae.org), which represents airport 
operators; Airports Council International, which also represents airport interests; 
the Aircraft Owners and Pilots Association, which represents GA aircraft aviators; 
the National Business Aviation Association (see www.nbaa.org), which represents 
business aircraft operators; and the National Agricultural Aviation Association 
(see Www.agaviation.org), which represents the operators of agricultural aircraft. 


CONCLUSIONS 


The aviation industry is essential to the viability of the US economy, which makes 
aviation a prime target for terrorists. The complexity and size of the industry also 
make it an attractive environment for crime. Understanding the tenuous financial 
structure of airlines, the aviation industry aids the security practitioner in applying 
appropriate and practical security measures. Aviation security practitioners must 
deploy systems, measures, and procedures to counteract both terrorist and criminal 
perpetrators. To meet these challenges, aviation security practitioners employ lay- 
ered security systems that are symbiotic with the global aviation industry. 

The US Congress establishes policy for protecting US aviation. Federal regu- 
lators convert these policies into regulations, which are therefore established as 
accepted industry practices. Federal regulators implement and supervise these pol- 
icies and regulations across all aircraft operators and airports. 

The 9/11 Commission was tasked with assessing facts surrounding the September 
11, 2001, terrorist attacks. The 9/11 Commission analyzed and recommended new 
strategies for adoption within the United States. Because of the 9/11 Commission’s 
work, the largest overhaul of aviation security in US history was implemented. 
However, to thwart or reduce the risk of crime or terrorist activity, the strategies 
recommended by the 9/11 Commission must remain flexible in evolution and applica- 
tion. The following chapters in this text will help aviation security practitioners or stu- 
dents build on the recommendations made by the 9/11 Commission. Readers of this 
text will be better prepared to understand, develop, and apply strategies, tactics, and 
methods that are appropriate and practical to the future needs of aviation security. 

Aviation security practitioners or students of aviation security should have a 
solid understanding of the nature and contributing factors regarding the attacks of 
September 11, 2001. Therefore, it is strongly recommended that readers review 
the preceding case study on 9/11. 
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CASE STUDY: SEPTEMBER 11, 2001 (9/11) TERRORIST ATTACKS '* 


September 11, 2001 

On September 11, 2001, Mohammed Atta checked in for his flight to Boston. Atta was 
preselected under the Computer-Assisted Passenger Prescreening System (CAPPS) to undergo 
additional security measures. These measures were to ensure that his baggage did not board the 
aircraft without him. The positive passenger—baggage matching (PPBM) program is designed to 


deter placement of an explosive device in checked baggage, but not to deter hijacking.” 


Four other hijackers—Khalid al Mihdhar, Majed Moged, Nawaf al Hazmi, and Salem al 
Hazmi—also checked in at the American Airlines ticket counter at Washington Dulles 
International Airport. These terrorists were also selected for additional scrutiny under CAPPS, but 
again, only to ensure they boarded assigned aircraft. One of the hijackers had neither photo ID 
nor understood English, and the ticket agent labeled the passengers as suspicious. 

When the 9/11 Commission interviewed screeners at access points used by the hijackers, none 
reported anything unusual about the hijackers. At Dulles Airport, some hijackers activated walk- 
through metal detector alarms and were subjected to additional screening by hand wand. During 
subsequent reviews, a screening expert seeing the closed-circuit video of the screening process 
testified that the quality of the hand wand process was marginal. Additionally, one of the hijackers 
was seen on video with an unidentified object clipped to his belt. At Newark, NJ, the departure 
point of United Flight 93, one of the hijackers was preselected for additional scrutiny under CAPPS. 
As with Boston, Newark’s screening checkpoints did not have closed-circuit television (CCTV) 
surveillance, so it is difficult to determine what took place at the screening checkpoints." 

Once hijackings began on 9/11, US agencies had a difficult time communicating with each 
other. Information from hijacked aircraft to the FAA and from airline headquarters to the FAA 
was nonexistent or ineffective because of cockpit takeovers by the terrorists. One method pilots 
use to notify the FAA of hijacking is to broadcast an emergency code via a transponder.'’ This 
code is published in the publicly sold Aeronautical Information Manual (FAA, 2008) and is 
taught in the most basic FAA pilot training curriculums. Because their flight training was 
conducted in the United States, the 9/11 hijackers would have known about the code and would 
have been familiar with the transponder. In three of the four hijacked aircraft, the transponders 
were turned off, making it difficult for the FAA to track the aircraft on radar. 

The FAA and US military agencies were not in communication throughout the entire 9/11 
attack sequence. Defending the United States during the attacks was a mission of North American 
Aerospace Defense Command (NORAD). NORAD’s mission was to protect the United States 
from external threats. NORAD explored the threat of terrorists using aircraft as weapons of mass 
destruction, but the threat was based on speculation and not on developed intelligence. 

The US government requires the FAA to work with the National Military Command Center 
(NMCC) in the Pentagon to manage hijackings in progress. Part of this process is to notify 
NORAD ’s Northeast Air Defense Sector (NEADS) in Rome, New York, to coordinate the 
intercept of hijacked aircraft by US military aircraft. However, during 9/11, both the FAA and the 
NMCC assumed that a hijacked aircraft would not attempt to disappear off radar, that there would 
be time to address the hijacking, and that a hijacking would follow a traditional form (land and 





The following case study is a synopsis of the key contributing factors and issues in aviation secu- 
rity management that were salient to the 9/11 attacks. Most of the content for this case was sourced 
from The 9/11 Commission Report (9/11 Commission, 2004). 

'SPPBM is also ineffective against suicide bombers, but for decades it had effectively deterred 
many non-suicide airline bombings. 

'©Although not mandated, CCTV monitoring of screening checkpoints is recommended by TSA 
and other aviation security experts. 

Referred to by pilots and air traffic controllers as “squawk 7500.” 
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negotiate) rather than be enacted as a suicide mission. Communications between the FAA and 
NEADS were so inadequate that the military was using radar to search for American Airlines 
Flight 11 after the plane had struck the North Tower of the WTC. The first indication NEADS 
had of the second hijacked flight, United Airlines 175, came about the same time as that plane hit 
the South Tower of the WTC. 

NEADS did send two F-15 fighter jets from Otis Air Force Base in Falmouth, MA, but 
without an assigned target because of communication problems, they were ordered in a holding 
pattern off the coast of Long Island. A National Guard C-130 cargo plane was also requested to 
search for American Airlines Flight 77 heading toward its Pentagon target. Because the C-130 
was unarmed, the aircraft could only attempt to collide with American Airlines Flight 77 (if it had 
been granted that action by proper authority). 

After 9/11, there was considerable discussion by US agencies and the federal government on 
who had authority to give an order to shoot down a commercial airliner. President Bush testified 
that he gave authorization to shoot down hijacked aircraft and that the order was passed to the 
vice president and through the NORAD command chain. This conversation between President 
George W. Bush and Vice President Dick Cheney took place between 10:10 am and 10:15 am 
Eastern Daylight Time on 9/11, just moments before United Airlines Flight 93 crashed in 
Shanksville, PA. The shoot-down order made its way through the NORAD command structure, 
and within 20 minutes flight controllers talking to interceptor aircraft had authorization. The 9/11 
Commission Report (Fig. 1.10) outlines numerous other flaws in communication between the 
national military command authority and the FAA. The report stated: 


The defense of U.S. airspace on 9/11 was not conducted in accord with preexisting 
training and protocols. It was improvised by civilians who had never handled a hijacked 
aircraft that attempted to disappear, and by a military unprepared for the transformation 
of commercial aircraft into weapons of mass destruction. As it turned out, the NEADS air 
defenders had nine minutes’ notice on the first hijacked plane, no advance notice on the 
second, no advance notice on the third, and no advance notice on the fourth. (9/11 
Commission, 2004, p. 31) 
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FIGURE 1.10 


The 9/11 Commission Report outlined the structure and actions of the 9/11 attacks 
along with recommendations for improving aviation security. 
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Assumptions of what terrorists or criminals will do, based on a given situation and on the 
effectiveness of established communication protocols, are key concerns to aviation security 
practitioners. The assumptions made by stakeholders on 9/11 followed those of a “traditional 
hijacking,” which proved fatal for thousands of US citizens. 

The 9/11 Commission provided insights on the changing nature of the terrorist threat to 
aviation. The 9/11 Commission suggested that the failure of terrorists to destroy the WTC in 1993 
and the quick success of investigators and prosecutors in bringing the perpetrators to justice might 
have contributed to a widespread underestimation of future terrorist threats by US officials and 
security personnel. 

In addition to the notion of overconfidence by US officials and security practitioners, other 
failures contributed to the 9/11 attacks. Historically, aviation security professionals have been a 
consumer of intelligence information rather than a source. Therefore, aviation security 
practitioners rely on intelligence information gathered, disseminated, and analyzed by other 
agencies such as the FBI and, before 9/11, the FAA. However, as the 9/11 Commission pointed 
out, the FAA is also not a traditional source of intelligence information related to threats and is 
just as much a consumer of that information as airport and aircraft operators. Therefore, 
breakdowns in the dissemination of intelligence information to entities that can take action are of 
vital importance to the future of aviation security. 

The 9/11 Commission Report noted that over the previous three decades, dissemination of 
intelligence information from federal agencies was ineffective. During that time, there had not 
been a domestic hijacking in more than 10 years, and the commercial aviation industry was more 
concerned with explosives than firearms or other weapons. The Presidential Commission on 
Aviation Security, chaired by Vice President Al Gore in 1997, focused nearly all of its 
recommendations on protecting civil aviation from bombings even though the number of 
attempted hijackings exceeded 600, whereas airline bombings numbered fewer than 100. 

The 9/11 Commission stated that the existing layered security system intended to prevent 
hijackings was “seriously flawed” (9/11 Commission, 2004, p. 83). At the time of the 9/11 
attacks, the FAA’s no-fly list contained the names of only 12 individuals who were not allowed 
on board US civil aircraft. Furthermore, the security chief for the organization stated that he had 
not heard about the US State Department’s tipoff list of known and suspected terrorists. 
Apparently, the FAA did have access to the tipoff data but found it too difficult to use. As 
consumers of intelligence data, the FAA also lacked awareness of developing threats. 

Various hijackers on 9/11 had taken flight lessons within the United States. The 9/11 
Commission Report states that in 2001, information about Middle Easterners taking flight lessons 
in the United States was not relayed to the FAA’s 40-person intelligence unit. FAA Administrator 
Jane Garvey did not review daily intelligence information and was unaware of the hijacking threat 
information from her own intelligence unit. 

Before 9/11, checkpoint screening was considered the most important layer of security. 
However, numerous GAO reports identified shortcomings in the screening process. Another 
security gap was the FAA’s policy of allowing knives with blades shorter than 4 inches onto 
commercial aircraft. A 1993 proposal to ban knives was rejected because of projected increased 
congestion at checkpoints. Although continuous and random secondary screening using EDS and 
explosive trace detection technology was mandated after 1996, the policy was ignored to the point 
that it was operationally nonexistent. The report was further critical of airline opposition to 
procedures affecting the efficiency of flight operations. 

Training and performance standards were part of the Gore Commission’s recommendations, 
but not until the passage of the Airport Security Improvement Act of 2000 (ASIA 2000) were 
they placed into legislation. However, by 9/11 screener training and performance standards had 
still not been implemented. ASIA 2000 transferred the responsibility to the TSA, and screener 
training and performance standards are now required. Furthermore, the policy on prohibited items 
has changed. Knives shorter than 4 inches are no longer allowed on board commercial aircraft. 
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The final layer of airline security against hijackings used at the time of 9/11 was known as the 
Common Strategy, which instructed pilots and flight crews to cooperate with hijackers and land 
the plane as soon as possible, then let law enforcement take over to resolve the hijacking. The 
Common Strategy was not designed to counter suicide hijackings. This fundamental concept has 
changed to more active resistance against hijackers, as the assumption can no longer be made that 
future hijackers will follow traditional methods or purposes of hijacking. 

Important lessons may be learned by analyzing the planning of the 9/11 attacks. Khalid Sheikh 
Mohammed (KSM; Fig. 1.11) began work on the future 9/11 attacks with Osama bin Laden in 1996. 
The two met in Afghanistan to discuss various attack methods against “potential economic and 
‘Jewish’ targets in New York City” (9/9073511 Commission, 2004, p. 150). KSM had previously 
been involved in plots to assassinate President Clinton and to bomb US-bound air cargo carriers by 
smuggling nitrocellulose on board. At the 1996 meeting, initial planning of the 9/11 attacks was 
formulated as KSM and bin Laden discussed plans to train pilots to fly into US targets. New York 
and Los Angeles were identified as economic centers of the United States, which factored into the 
decision to target those cities. Other forms of attack were considered, including hijacking planes and 
then blowing them up in flight (similar to the Pan Am 103 bombing). However, KSM felt that 
explosives were too problematic and that a novel form of attack was required. 

By 1999, the plot by KSM and bin Laden was moving forward with a list of targets including 
the White House, Pentagon, WTC, and US Capitol. Suicide operatives were recruited. A second 
attack was also planned, which resembled Yousef’s Operation Bojinka plot. In this secondary 
plot, suicide bombers would board US aircraft on Pacific oceanic routes, possibly concealing 
bombs in their shoes. Both attacks (hijackings and airline bombings) were to be executed 
simultaneously, enhancing the psychological impact. This strategy is characteristic of the desire 
by terrorists for large physical and widespread psychological impact. However, by 2000, bin 
Laden canceled the second attack plan, declaring it too difficult to coordinate with the US hijack 
operation. In late 2000, the US National Security Council did warn the Justice Department about 
the second attack plan. 





FIGURE 1.11 
KSM worked with Osama bin Laden to plan the 9/11 attacks. 
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KSM spent much of 1999 training operatives on what he learned about the US aviation 
system. He searched the Internet, collecting brochures and information on US flight schools, 
reviewed airline timetables, bought movies depicting hijackings, and even purchased flight 
simulator software. Training also included lessons in English and how to read US phone books 
and airline timetables. Although most of this material is publicly available, it is interesting to note 
the extent to which the attacks were planned to give the terrorists insight into the intelligence- 
gathering process. Part of the advance surveillance process included observing flight crews in 
action, noting particularly when the cockpit doors were opened and processes that would take 
place when flight crewmembers used the lavatory and when food was served to the flight crew. 
Some operatives would test components of the aviation security system by intentionally bringing 
box cutters onto commercial flights and by removing box cutters and other items while in flight, 
then observing the reactions of passengers and flight attendants. 


Flight Training Begins 

Once training was completed in Afghanistan, the hijackers began their move to the United States 
and began efforts to appear less radical. The hijackers shaved their beards and wore Western 
clothing in efforts to blend into US society. 

The 9/11 Commission outlined two abilities fundamental to the success of terrorist attacks: 
to travel and to transfer money. The plot required numerous international trips by planners and 
operators. Al-Qaeda hosted an office at the Kandahar Airport in Afghanistan that facilitated 
altering papers, visas, and passports. Operators were taught simple methods to alter their own 
passports and change documents while en route. It is estimated that $400,000 to $500,000 was 
spent to plan and carry out the 9/11 attacks. Al-Qaeda raised money through corrupt charities 
and donations from sympathizers in certain Gulf countries including Saudi Arabia, but it is not 
certain that all donors knew how their money was being used. The 19 hijackers were supported 
with funds wired from KSM, brought in as cash or held in foreign bank accounts that could be 
accessed from the United States. These findings of the 9/11 Commission highlight the 
importance of effective immigration and customs inspections as crucial components to national 
security that also affect aviation security. Although not part of the 9/11 attacks, the commission 
did note the importance of using fraudulent documents to facilitate an attack, when addressing 
the attempt by Ahmad Ressam (who used fraudulent documents) to attack Los Angeles 
International Airport in 2000. 

Once in the United States, with their flight training started, the hijackers provided some 
interesting clues as to their intentions. A San Diego-based flight instructor of two of the 
operatives noted their unusual reaction when told they would have to start learning to fly in 
small aircraft. He believed they were joking when they requested to start their training in large 
planes, particularly Boeing-type aircraft. The instructor also noted that they were poor students 
and seemed more focused on learning how to operate the aircraft in flight rather than on how to 
land. A Florida flight instructor commented that two of the students, who were also hijackers, 
were rude and aggressive and at times fought with him over the controls. At one point, both 
those hijackers took the FAA exam to obtain the FAA instrument rating, and both failed. They 
were both very upset and stated that they had jobs waiting for them once flight training was 
complete. 

Eventually, three of the hijackers learned to fly well enough to obtain the FAA commercial 
pilot certificate and began flying large-aircraft simulators. One pilot, Hani Hanjour, obtained his 
flight certificates in Arizona between 1996 and 1997. He was identified as a pilot by the 
background information he provided while at an al-Qaeda training camp and referred to KSM in 
2000. Hanjour returned to Arizona for refresher training and to learn how to fly multiengine 
aircraft. Difficulties with English made learning how to fly the multiengine planes a challenge, 
and his flight instructor recommended him to discontinue. Hanjour then enrolled at the Pan Am 
International Flight Academy in Mesa, AZ, and began training on a Boeing 737 simulator. 
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A critical ingredient in the 9/11 attacks was the ability of the hijackers to fly the aircraft, 
which is why ATSA 2000 now places specific requirements on flight schools throughout the 
United States, now called the Alien Flight Training Program. Under the program, all flight 
students are now required to show proof of citizenship in the United States; legal aliens are 
required to have their fingerprints taken and their names checked against known terrorist 
watch lists. 

In the early summer of 2001, the pilot hijackers began taking cross-country surveillance 
flights on US air carriers. Some also took additional flight training including flights along the 
Hudson Corridor, “a low-altitude hallway along the Hudson River that passes New York 
landmarks like the World Trade Center,” as well as through the Washington, DC, airspace 
(9/11 Commission, 2004, p. 242). 

At a meeting with an al-Qaeda facilitator in Spain in the summer of 2001, Mohammed Atta 
discussed details of the attack, including orders that if the pilots were unable to reach their 
objectives, they were to crash the planes. Atta considered targeting a nuclear facility, but the other 
pilots disliked the idea because of airspace restrictions, which would make reconnaissance around 
such sites difficult and increase the possibility of the planes being shot down. Al-Qaeda leaders 
determined that a nuclear strike would not have equal psychological value to attacking the WTC, 
as the center symbolized the economic strength of the United States. Atta further advised the 
following (9/11 Commission, 2004, p. 245): 


1. On their surveillance flights, box cutters were not of concern to security screeners. 

2. The best time to access the cockpit was 10—15 minutes into the flight when the cockpit doors 
were normally open. Atta discussed taking a hostage to compel the flight crew to open the 
doors but he felt this would not be necessary, as they should be open or unlocked anyway. 

3. To use airplanes on long flights, as they would have more fuel on board. 

4. To hijack Boeing aircraft because he believed Airbus aircraft had an autopilot feature that 
prevented planes from being crashed intentionally into the ground. 

5. And the “muscle hijackers” had all arrived in the United States without incident. 


Zacarias Moussaoui 

KSM testified that a “second wave” of attacks, which included Zacarias Moussaoui, was 
planned (Fig. 1.12). However, during the summer of 2001, he was too busy with the 9/11 
operation to put much effort into its planning. Moussaoui had taken flight lessons in Norman, 
OK, and asked about flight simulation materials for a Boeing 747. He also was moving forward 
with an application to Pan Am International Flight Academy, bought knives, and inquired about 
the use of portable global positioning system units for aviation (9/11 Commission, 2004, 

pp. 246—247). 

Moussaoui’s instructor at Pan Am notified authorities about his student’s unusual behavior. 
Moussaoui paid the full balance of his Pan Am training in cash ($6800), and it seemed odd to his 
instructor that Moussaoui was learning to fly large jets without any intention of obtaining a pilot’s 
license. Immigration authorities arrested Moussaoui on August 16, 2001. However, bin Laden and 
KSM did not learn of his arrest until after 9/11. KSM indicated that had they heard about the 
arrest they likely would not have gone forward with the attacks." This is an important point, as it 
demonstrates how unplanned events can deter an attack in the planning stages. Another important 
point is the flight instructor’s suspicions of his student and his actions to report those suspicions 
to authorities. This was information that could have led to discovery or mitigation of the plan to 
attack on 9/11. 





'8In 2006, Moussaoui plead guilty to six terrorism conspiracy charges and was sentenced to life in 
prison. 
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FIGURE 1.12 


Zacarias Moussaoui took flight lessons in the United States in preparation for his 
role in the 9/11 attacks. 


The System Is Flashing Red 

During the summer of 2001, warning reports of planned terrorist attacks increased to their highest 
level since the millennium alert. In May 2001, the FAA was notified of a potential plot to hijack 
US aircraft to free incarcerated terrorists in the United States. The FAA issued an information 
circular to US air carriers warning of such attacks. During that same time, CIA Counterterrorist 
Chief Cofer Black warned National Security Adviser Condoleezza Rice that the current threat 
level was 7 on a scale of 1—10, as compared to an 8 during the millennium alert. In June, the 
CIA notified its station chiefs about intelligence, suggesting al-Qaeda was planning a possible 
suicide attack against a US target. The Department of State notified all its embassies of the 
terrorist threat. By late June, a terrorist threat advisory warned of near-term “spectacular” attacks 
resulting in numerous casualties (9/11 Commission, 2004, p. 257). US Central Command raised 
the force protection condition level for its troops to the highest level. By July, the FBI 
Counterterrorism Division issued a message to federal and state law enforcement agencies 
warning of increased threat reporting that indicated a potential attack against US targets, but also 
stated that there was no credible threat of a pending attack within the United States. Also, many 
warnings circulating within the federal government suggested an attack was imminent at locations 
other than within the United States. 

In July 2001, an FBI agent in the Phoenix field office sent a memo warning of a coordinated 
effort by bin Laden to send students to US flight schools and recommended that specific actions 
be taken to further investigate this lead. The author of the memo stated that its subject was 
not related to suicide hijackings but more toward a potential bombing of US airliners. No one 
at FBI headquarters saw the memo before 9/11 and the NYC field office took no action. 
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The 9/11 Commission stated that if the memo had been read and followed up on, it may not 
have revealed the plot but may have made agents more sensitive to the threat when Moussaoui 
was arrested and therefore the matter taken more seriously. 

By July 31, the FAA issued another information circular alerting aircraft operators of possible 
near-term terrorist operations in the Arabian Peninsula or Israel, but the circular also stated it had 
no credible evidence of specific plans to attack US civil aviation. Intelligence activity regarding 
potential attacks seemed to drop in August 2001. The intelligence community issued an advisory 
concluding that warnings of an al-Qaeda attack would continue indefinitely. From an intelligence 
perspective, although many were watching, few of the reported activities were correlated. This 
sentiment is embodied in the 9/11 Commission’s comment, “The September 11 attacks fell into 
the void between the foreign and domestic threats” (9/11 Commission, 2004, p. 263). 

In an attempt to prevent future intelligence failures, on December 17, 2004, President Bush 
signed the Intelligence Reform and Terrorist Prevention Act of 2004. The act created the position 
of Director of National Intelligence (DNI). The DNI is now the president’s primary intelligence 
adviser with authority over budget and personnel decisions throughout the 15-member US 
intelligence community. 

In the summer of 2001, the FAA did not issue any security directives that mandated increased 
security at checkpoints or on board aircraft. Mostly the FAA urged air carriers to “exercise 
prudence” and be alert. Before 9/11, the FAA presented a CD-ROM to air carriers and airport 
authorities describing the increased threat to civil aviation. The presentation mentioned the 
possibility of suicide hijackings but indicated that no known group was planning to implement 
this type of threat. 

The FAA conducted 27 special security briefings for specific air carriers between May 1, 
2001, and September 11, 2001. Two of these briefings discussed the hijacking threat overseas. 
None discussed the possibility of suicide hijackings or the use of aircraft as weapons. No new 
security measures were instituted. 


Emergency Response 
In describing the concept of emergency response, the 9/1 1 Commission (2004) stated: 


Emergency response is a product of preparedness. On the morning of September 11, 2001, 
the last best hope for the community of people working in or visiting the World Trade 
Center rested not with national policymakers but with private firms and local public 
servants, especially the first responders: fire, police, emergency medical service, and 
building safety professionals. (p. 278) 


The 9/11 Commission Report touches on an important point of airport and aircraft operator 
security, which is the ability to both withstand an attack and recover from such an attack. The 
quicker an agency is able to recover from an attack, the less likely it is to be a target. 

The WTC towers housed approximately 50,000 workers, and the entire complex exceeded the 
office space of downtown Atlanta, GA, and Miami, FL, combined (Fig. 1.13). The towers 
provided a variety of features to mitigate fire and smoke damage; however, there was not a 
rooftop evacuation plan. Both roofs were sloped and cluttered with radiation towers. There was a 
helipad on the South Tower, which did not meet FAA certification for use. During the building 
fires on 9/11, strong updrafts and a lack of visibility resulting from the rising smoke rendered 
helicopter rescues impossible. However, several rescues from the roof during the 1993 WTC 
bombing seemed to leave those who worked at the WTC with the impression that helicopter roof 
rescues were part of the evacuation plan—however, they were not. 

In 1993, after a truck bomb exploded underneath the WTC towers in a parking garage, killing 
6 and injuring more than 1000, the towers lost power and communications, including emergency 
communications. The 9-1-1 emergency call systems were flooded, and the ensuing evacuation 
took 4 hours. These were important lessons learned, and the PANY&NJ (the offices of which 
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FIGURE 1.13 
The WTC towers. 





were located within the WTC) invested more than $100 million to make physical, structural, and 
technological improvements. The improvements included enhancements to power sources, 
emergency exits, a computerized fire alarm system, and the creation of a fire safety director 
position. Fire safety teams composed of office workers with fire wardens and searchers were 
created, along with twice-per-year fire drills. A radio repeater system was also installed in the 
towers to assist fire department personnel with radio communications. On 9/11, after both towers 
had been struck and response efforts were under way, the repeater system for the radios that was 
installed after the 1993 bombing worked only partially (in both towers) depending on the channel 
used and the particular radio broadcasting or receiving. 

The 9/11 Commission noted that the fire drills conducted in the WTC were not 
comprehensive enough to address such a massive fire as that caused by the aircraft on 9/11, 
and that tenants were never advised that a roof rescue was not part of the evacuation plan. 
During evacuation drills, tenants were advised to evacuate only a few floors below the fire. 
Apparently, WTC tenants were not the only individuals not informed of the lack of a roof 
rescue contingency. After the WTC North Tower was struck, a team from the New York City 
Police Department’s Emergency Services Unit (ESU) requested to be picked up at the Wall 
Street heliport to assist in a roof rescue. The team was advised that they could not land on 
the roof because of flames and heavy smoke. Regardless, ESU units and three New York 
Police Department (NYPD) helicopters remained ready to try a roof rescue if the conditions 
changed. 
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FIGURE 1.14 
The WTC on 9/11. 


The principal first responders on 9/11 were the Fire Department of New York (FDNY), the 
NYPD, the Port Authority Police Department (PAPD), and the Mayor’s Office of Emergency 
Management (OEM). The PAPD law enforcement officers are cross-trained in fire suppression 
methods. Their radios only worked well within the vicinity of their command, and they lacked 
standard operating procedures on how to manage officers from multiple commands who would 
respond to an incident. 

NYC’s OEM was tasked with monitoring communications between the FDNY, NYPD, and other 
agencies and to improve the city’s response to major incidents. The OEM office was located in 
7 WTC,’ a building that became structurally unsound as a result of the 9/11 attacks and collapsed 
by 5:00 pm the afternoon of September 11. Some questioned the decision to locate the OEM offices 
so close to the site of a previous terrorist attack. This is an important lesson for aviation security 
practitioners regarding the location of their own incident command centers (Fig. 1.14). 





197 WTC also housed offices from the US Secret Service, Department of Defense, the Securities 
and Exchange Commission, the Internal Revenue Service, and the Central Intelligence Agency. 
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Mayor Rudolph Giuliani had previously issued a directive regarding control of New York’s 
assets during an emergency. The directive stated that there would be an incident commander for 
each emergency and that OEM would act in an interagency support role. However, according to 
the 9/11 Commission, “FDNY and NYPD each considered itself operationally autonomous. As of 
September 11, they were not prepared to comprehensively coordinate their efforts in responding 
to a major incident. The OEM had not overcome this problem” (2004, p. 285). On 9/11, Giuliani 
and his staff did respond to 7 WTC, and then, on seeing its condition and the hazard to their lives, 
quickly evacuated and reestablished OEM’s function in a nearby church. 

When American Airlines Flight 11 struck the North Tower, for the first 10 minutes, most of 
the city of New York, including the tenants in the towers and the deputy fire safety director, did 
not know what had happened. The 9-1-1 emergency phone lines jammed, with some reporting 
that a commercial jet had struck the tower. Survivors in the North Tower gathered and prepared to 
evacuate, but many were trapped above the flames. Thick black smoke of burning jet fuel worked 
its way up through the upper floors and, with the prevailing winds, obscured visibility in the WTC 
South Tower. Although one fire safety director testified that a public evacuation announcement 
was made, many did not hear it because the intercom system was knocked out through much of 
the North Tower. Also, the NYPD aviation unit did not inform the 9-1-1 operators that rooftop 
rescues were not part of the plan, and therefore the 9-1-1 operators could not advise callers from 
inside the North Tower on which direction to go. 

At 8:57 am on 9/11, the FDNY ordered the South Tower evacuated. One company, Morgan 
Stanley, evacuated all of its employees, which occupied nearly 20 floors of the South Tower, on 
the decision of company security officials. This decision undoubtedly saved hundreds of lives. 

A public announcement from an unknown source in the South Tower was made, instructing 
tenants to remain on their floor or return to their offices. The 9/11 Commission concluded that 
several individuals were told it was safe to return to the South Tower. At 9:02 am, another public 
announcement was made ordering a general evacuation. This judgment was made because the 
North Tower crash was causing safety hazards for the South Tower, not on the supposition that 
there was another airplane targeting the South Tower. FDNY personnel also worried about their 
ability to fight the fire and whether water could be accessed in the upper floors. 

FDNY personnel established a command post in the lobby of the North Tower and began 
working with PAPD and OEM personnel. Structural engineers advised them that, although a 
partial floor collapse was possible, no one anticipated the collapse of the entire building. The 
lobby was filled with debris and walking wounded as the first plane crash caused a fireball to 
shoot down the elevator shaft, blowing out windows on the ground floor. The explosion 
caused the PAPD onsite commanding officer to dive for cover. PAPD units began to respond 
after the first plane hit but lacked standard written procedures for responding to outside 
commands. 

The OEM team had also responded and immediately activated its emergency operations center 
notifying numerous agencies from the FDNY, NYPD, Department of Health, and the Greater 
Hospital Association, in addition to the Federal Emergency Management Agency, and requested 
five urban search and rescue teams. 

Of note, despite certain failures, within 17 minutes of the first plane striking the North 
Tower, the city of New York initiated a massive evacuation and the largest rescue effort ever, 
deploying more than 1000 emergency responders, and made a critical decision—that they could 
not fight the fire. 

At 9:03 am EDT, United Airlines Flight 175 struck the South Tower. Many individuals killed 
in the South Tower died as they waited for overcrowded express elevators to take them out of the 
building after the order had come just | minute earlier to evacuate. A “lock release” order, which 
would unlock all the security doors in the South Tower and was part of the building’s 
computerized security system, was transmitted to the Security Command Center, located in the 
North Tower. Damage to the software controlling the system prevented the order from being 
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executed. The situation in the South Tower was exacerbated because of the 9-1-1 phone 
operators’ lack of awareness of exactly what was occurring. Many evacuees calling the 9-1-1 
phone emergency number were put on hold or given erroneous information. 

In The 9/11 Commission Report, the FDNY made another important point. The FDNY was 
unable to receive information from NYPD helicopters, which had a bird’s eye view of the 
situation. According to one FDNY chief, citizens watching TV had more information about what 
was going on than did the command team onsite. 

At 9:37 am EDT, American Airlines Flight 77 struck the west wall of the Pentagon. However, 
the ensuing incident response to the Pentagon was far less hectic than the response at the WTC. The 
9/11 Commission Report highlights that in contrast to the WTC attacks, the Pentagon was not 1000 
feet up, was a single incident, and had relatively easy access. In addition, the incident command 
post had a complete view of the site, and there were no other buildings in the immediate area. 

The 9/11 Commission outlined other items significant in regard to incident command on 9/11: 


Cell phones were of little value because of overloaded circuits. 

Radio channels were oversaturated. 

Problems with command, control, and communications occurred at both sites. 

Changes made by the PANY&NJ after the 1993 bombing improved the evacuation on 9/11, 
including dropping the general evacuation time from 4 hours to 1 hour. 

First responders played a significant role in successes of that day. 
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Many of the first responders were actually private-sector citizens. 

7. NYPD and FDNY 9-1-1 operators were not a part of the plan (to the detriment of the entire 
incident). 

8. Civilians need to take personal responsibility for maximizing their probability of survival 
during a disaster. 

9. There were significant chain-of-command challenges between all responding agencies. 


The 9/11 Commission 

One of the most important post-9/11 aviation security—related publications was from The 
National Commission on Terrorist Attacks Upon the United States (9/11 Commission, 2004), 
known as The 9/11 Commission Report (see Fig. 1.10). This report, commissioned by President 
Bush in 2002, outlined both the structure and actions of the 9/11 attacks and provided a broad 
look into the issues that contributed to the attacks. The 9/11 Commission provided a series of 
recommendations for fixing the aviation security system and the US intelligence industries. 

The mandate of the 9/11 Commission included the investigation of facts and circumstances 
relating to the terrorist attacks. This investigation included the related roles of intelligence 
agencies, law enforcement, immigration and border control, commercial aviation, and 
congressional oversight. Nearly 1200 individuals were interviewed and more than 2.5 million 
pages of documents reviewed. The 9/11 Commission learned that the enemy is “patient, 
disciplined and lethal” and that the “institutions protecting our borders, civil aviation and national 
security did not understand how grave [the] threat and did not adjust policies, plans and practices 
to deter or defeat it” (9/11 Commission, 2004, p. xvi). 

With regard to the 9/11 attacks, the 9/11 Commission highlighted four fundamental failures in 
US aviation security (2004, p. 339), a failure of 


imagination, 
policy, 
capabilities, 
management. 


etre 


Failure of imagination ties directly to the performance of those in the position of protecting civil 
aviation. Without the imagination to conceive of different forms of attack, policies are not created, 
capabilities are not developed, and management is not trained, directed, and focused on new forms 
of attack. 
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FIGURE 1.15 


“Expanded thinking” as related to mitigating new forms of attack. 





The 9/11 Commission noted that they were making recommendations with the benefit of 
hindsight. However, analysis of the 9/11 attacks by the 9/11 Commission has created a norm for 
security policy makers and managers to interactively “imagine” or develop strategies to counter 
new forms of attack (Fig. 1.15). When foresight and planning by security specialists stagnate, then 
the probability and seriousness of other forms of attack increase. 

Before 9/11, several attacks, along with intelligence data, in retrospect, indicated that suicide 
attacks were highly probable. In 1994, a group of Algerian terrorists hijacked a plane and 
threatened to crash it into the Eiffel Tower in Paris, France. Also in 1994, a private plane crashed 
on the south lawn of the White House. In 1995, an accomplice of Ramzi Yousef told Philippine 
authorities of a plot to crash a plane into CIA headquarters (9/11 Commission, 2004, p. 345). 
However, when the Gore Commission” studied aviation security in 1997, the commission did not 
consider a suicide hijacking a possibility. 

Al-Qaeda had used suicide truck-bomb attacks and a ship bomb to attack the U.S.S. Cole.*! 

In 1998, a presidential daily briefing highlighted a potential plan for al-Qaeda to hijack a plane to 
free prisoners. Various US intelligence reports also mentioned the possibility of an aircraft filled 
with explosives being flown into a US city. In August 1998, another report mentioned the intent 
of Libyan operatives to crash a plane into the WTC. In addition, Richard Clarke (the White House 
counterterrorism adviser) chaired a security analysis in which a stolen business aircraft loaded 
with explosives would be flown with the intention of crashing into and destroying the White 
House. Pentagon officials suggested the military would respond to that threat by scrambling 
fighter jets from Langley Air Force Base, but admitted they would need clarification on the Joint 
Chiefs of Staff Rules of Engagement” before shooting down the plane (9/11 Commission, 2004, 
p. 345). 

In 1999, the FAA’s security office summarized potential threats from bin Laden but focused 
mostly on the probable hijacking of an aircraft to secure the release of prisoners. The FAA team 
stated that a suicide hijacking does not allow for dialog and would be a last resort. NORAD 
envisioned a form of suicide attack from a hijacked aircraft but made the assumption it would 
be coming from outside the United States and that they would have time to react to the threat 
(9/11 Commission, 2004, p. 346). 





Formally titled the White House Commission on Aviation Safety and Security. 

The guided missile cruiser U.S.S. Cole was attacked by suicide bombers on October 12, 2000, 
while harbored in the Port of Yemen; 17 sailors were killed. 

Joint Chiefs of Staff Rules of Engagement are policies established for US military services to 
determine appropriate actions or responses to various threats or conditions. 
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The 9/11 Commission noted that since the attack on the United States at Pearl Harbor in 1941, 
the intelligence community developed rigorous analytic methods to forestall an attack. The four- 
step process was essentially to do the following (9/11 Commission, 2004, p. 346): 


Imagine how surprise attacks may be launched. 

Identify telltale indicators that such attacks were being planned. 

Develop and collect intelligence on such indicators. 

Develop defenses to deflect the most dangerous possibilities or at least provide an early 
warning. 


ToO 


The first component, imagination, is critical to the rest of the intelligence process. The 9/11 
Commission noted that because the type of attack that took place on 9/11 had not yet been 
conceived, it did not perform an analysis from the enemy’s perspective, commonly referred to as 
red teaming. Without attack indicators, such as possible terrorists learning to fly large-jet aircraft, 
no system was in place to identify and report such indicators. Also, without such indicators, the 
FBI and other law enforcement agencies were not focused on this type of activity, and, hence, no 
credible threats were established (9/11 Commission, 2004, p. 347). Threat information going to 
airport and aircraft operators was the same information that they had been receiving for years, 
which was that hijackings remain possible. No information indicated that suicide hijackings were 
being planned. 


Fixing the Weaknesses in Aviation Security 

The 9/11 Commission agreed that sustaining a layered security system is a fundamental principle 
of aviation security. The layered security system is a proactive approach to predicting terrorist 
activity and reacting with overlapping strategies, tactics, and methods in ways that mitigate 
possible deficiencies in any specific security layer (Elias, 2005, p. 3). The 9/11 Commission 
outlined five weaknesses in the aviation security system (Elias, 2005, p. 1): 


1. Prescreening processes that focus on detecting potential aircraft bombers rather than potential 
hijackers. 

Relaxed checkpoint screening and permissive rules regarding small knives. 

A lack of in-flight security measures such as air marshals and reinforced cockpit doors. 

An industry-wide strategy of complying with hijackers in a nonconfrontational manner. 

A lack of protocols and capabilities for executing a coordinated FAA and military response to 
multiple hijackings and suicidal hijackers. 


APER 


Items 3—5 were previously addressed in the ATSA 2000 legislation and in the Homeland 
Security Act of 2002. The 9/11 Commission placed emphasis on weaknesses 1 and 2 (Elias, 
2005). The 9/11 Commission’s recommendations for addressing weaknesses in aviation security 
are as follows: 


Enhance passenger prescreening. 

Improve measures to detect explosives on passengers. 

Examine human factors issues at screening checkpoints. 

Expedite deployment of inline baggage screening systems. 

Intensify efforts to identify, screen, and track cargo. 

Deploy hardened cargo containers. 

Institute risk-based prioritization as the basis for transportation security policy and the creation 
of a strategic plan for aviation security. 


EN A a e 


At the time of the 9/11 Commission’s recommendations, CAPPS, the existing passenger 
prescreening system, was based on certain characteristics surrounding the purchase of an 
airline ticket and, at the time, a traveler’s response to certain questions asked by ticket agents. 
If a passenger was preselected, then he or she would be subjected to additional screening. 
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This additional screening, however, was used only to deter an airline bombing, not a hijacking. 
The CAPPS program was managed by the airlines. The follow-up program, CAPPS II, has been 
tied up in controversy, specifically over the privacy issues of airlines providing passenger 
identification data to the US federal government. The 9/11 Commission was careful to avoid 
endorsing a specific screening program but did state that some sort of comparison of traveler 
names with the names on various terrorist watch lists needed to occur. Some limited testing of 
elements of the CAPPS II program continues, but now under the name Secure Flight. 

With respect to checkpoint screening, the 9/11 Commission focused on Ramzi Yousef’s 
Operation Bojinka plot to bomb 12 US airliners over the Pacific Ocean. The 9/11 Commission 
recognized the limitations of passenger and baggage screening devices and encouraged the 
development and implementation of newer technology with better detection abilities. Several 
US airports are now testing newer methods of passenger and baggage screening including the 
use of EDSs. The 9/11 Commission also focused on human factors issues related to the security 
screening workforce and the accelerated implementation of inline EDSs. 

The 9/11 Commission made several recommendations regarding the security of air cargo, 
including methods to track and screen potentially dangerous air cargo shipments, the use of at 
least one hardened cargo container on commercial airliners, and the protection of all-cargo 
aircraft. Subsequent to the 9/11 Commission’s findings, the TSA has issued revised air cargo 
regulations. 

Finally, the 9/11 Commission reiterated a long-term approach to protecting aviation and the 
greater intermodal transportation system by utilizing a risk-based analysis. By conducting risk 
assessment and developing an aviation security strategic plan, policies can be formed and funding 
can be directed at those areas of highest risk and highest loss of life and property, should an 
attack occur. 
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Crime and terrorism in 
aviation 
A retrospective 


OBJECTIVES 


Author’s Note: One of the challenges in writing a textbook on aviation security in 
the age of the Internet is validating historical events. Often there are conflicting 
references, or subsequent additional information is found that changes what we once 
thought to be true. In previous editions of this text, we listed the 1931 hijacking 
of a Ford Tri-Motor, piloted by Byron Rickards, out of Lima, Peru, as the first 
recorded hijacking. Our initial references have since been updated, but now actually 
conflict. The web site http://www.centennialofflight.net (U.S. Centennial of Flight 
Commission, n.d.) notes a 1930 hijacking of a Pan American airplane out of Lima, 
Peru, but the Aviation Safety Network (ASN) Aviation Safety Database (Aviation 
Safety Network, n.d.) lists the Rickards hijacking in 1931 as the first. Numerous 
other references support this claim so until more evidence is discovered to the con- 
trary, we are using the Rickards hijacking as the first recorded hijacking in commer- 
cial aviation. There may be instances throughout this chapter where contradictions 
exist from with earlier versions of the text and are so noted. 


INTRODUCTION 


Of all forms of transportation, aviation continues to be the most fascinating to 
criminals and terrorists, who know that when an airport or airplane is attacked, 
the attack will draw the most attention from the public and the media. In spite of 
numerous other targets that are available, terrorists continue to return to aviation. 
Wilkinson and Jenkins (1999) posit that of the available forms of theater, few are 
so captivating figuratively, as hijackings and airline bombings. The boldness of 
the action, the large numbers of people involved as hostages and/or victims, the 
ease with which national boundaries can be traversed or international incidents 
created combine to make air terrorism one of the most attractive forms of terrorist 
or criminal action (Wilkinson and Jenkins, 1999, p. 27). In the early days of TV, 
terrorists knew that hijacking or bombing an airliner was a guaranteed method of 
getting their message heard around the world. Today, social media, 24/7 satellite 
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TV coverage, and a news media hungry for ratings still make committing an act 
of air terror a highly effective means of spreading whatever message the attacker 
is trying to send. 

The passage of the Air Commerce Act in 1926 is generally considered to be 
the beginning of commercial aviation. The Act charged the Secretary of 
Commerce with fostering air commerce, creating air traffic rules, establishing 
licensing requirements for pilots and aircraft, and establishing the national airway 
system. As with all other forms of transportation, criminals soon learned to exploit 
aviation for their own purposes—just as highwaymen robbed travelers on foot 
throughout England, train robbers took over the rail lines in the Old West, and 
pirates terrorized the shipping lanes of commerce between continents, it took just 
5 years before a group of people figured out how to exploit aviation, and the indus- 
try would soon experience its first act of unlawful interference. 


Unlawful interference is a term used by the International Civil Aviation Organization (ICAO, 
2011, p. 1-1) to describe an act or attempted act to jeopardize the safety of civil aviation, 
including but not limited to: 


. Unlawful seizure of an aircraft. 


. Destruction of an aircraft in service. 
. Hostage-taking on board aircraft or on aerodromes (ie, airports). 


. Forcible intrusion on board an aircraft, at an airport, or on the premises of an aeronautical 
facility. 

. Introduction on board an aircraft or at an airport of a weapon, hazardous device, or material 
intended for criminal purposes. 

. Use of an aircraft in service for the purpose of causing death, serious bodily injury, or serious 
damage to property or the environment. 

. Communication of false information such as to jeopardize the safety of an aircraft in flight or 
on the ground, of passengers, crew, ground personnel or the general public, at an airport or on 
the premises of a civil aviation facility. 





From the 1930s until the early 1960s, a few airline hijackings and airline 
bombings occurred, but not enough to draw a significant response from the gov- 
ernment. By the 1960s, with the rise of several terrorist organizations, and the sig- 
nificant attention that an attack on aviation brought to the aggressor, airline 
bombings and hijackings increased, both in the United States and throughout the 
world. Between 1970 and 1974, as hijackings became more deadly and the indus- 
try saw its first active shooter and an airport bombing, both ICAO and the US 
government began to take significant legislative action before the problem got 
any farther out of control. 

After the implementation of passenger and carry-on baggage screening in the 
early 1970s, hijackings and bombings in the United States dropped off signifi- 
cantly, as they did around the world. While hijackings occasionally still occurred 
in the United States, most of the hijackings occurred overseas, particularly on Pan 
Am and TWA flights, both US-flagged air carriers. 


Air Terrorism Through the Ages 


Between 1985 and 1990, several hijackings and two major airline bombings 
resulted in numerous security changes, which would stay relatively stable throughout 
the next decade. Unfortunately, the bombing of Pan Am Flight 103 in 1988, along 
with the lack of a successful hijacking throughout the 1990s, focused the industry on 
protecting aircraft from being bombed—and by 2001, aircraft hijacking was nearly 
considered a thing of the past. 

Although 9/11 caused the aviation industry to change practices, both in the 
United States and throughout the world, terrorism and crime in the aviation 
domain continues. Some enemies, such as Osama bin Laden, were eliminated, but 
others (ISIS/ISIL) took their place. Since 9/11, active shooter incidents have risen 
both at airports in the United States and throughout the world. Additionally, at 
least two incidents of bombings inside the public area of an airport terminal (at 
Moscow and Brussels) and at least one attempted vehicle-borne improvised explo- 
sive attack (at Glasgow) occurred. New forms of attack, including the threat of 
cyber-attack and unmanned aerial vehicle (UAV) attacks on aircraft, airports, and 
the airspace system, have taken shape. Soon, just as criminals and terrorists found 
ways to exploit the budding aviation industry in the 1930s, they would likely find 
ways to exploit the burgeoning space commercialization industry in addition to 
the aviation industry. 

Attempts to bomb commercial aircraft, along with the occasional hijack 
attempt, have continued. Criminals have attempted to shoot down airliners with 
surface-to-air missiles, to bomb terminal buildings with both improvised explo- 
sive devices and vehicle-borne improvised explosive devices (VBIEDs), to bomb 
commercial aircraft by shipping bombs via air cargo, and to have a bomb deliv- 
ered by an airline insider. Despite the increased focus on preventing attacks on 
aviation, terrorists and criminals continue to see aviation as a high-value target. 

With each new security measure meant to deter or prevent a form of attack, 
criminals and terrorists continually develop new methods to circumvent the pro- 
tections put into place. The history of aviation security is one of a series of 
actions and reactions, starting with literally no security measures, to the full body 
scans, and CAT-scan grade X-ray machines of today, which comprise only a few 
layers of a multilayered system. 


AIR TERRORISM THROUGH THE AGES 


By examining past attacks on aviation, it becomes apparent that one of the diffi- 
culties of aviation security is that acts to mitigate threats often create the next 
challenge. Criminals and terrorists become more creative, more daring, and more 
deadly as new technologies and strategies are introduced to prevent certain 





lFor an excellent review of aviation security incidents from the 1930s to the mid-1990s, examine 
David Gero’s 1997 book. 
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avenues of attack. Although closing vulnerabilities in the security system may 
reduce the number of criminal or terrorist attacks, it also increases the potential 
severity of future attacks, which was demonstrated on 9/11. Malcolm Gladwell 
characterized this problem by stating, “Airport-security measures have simply 
chased out the amateurs and left the clever and the audacious” (2001, section 3). 
However, considering that several attempted attacks since 9/11 were unsuccessful 
due to the incompetence of the terrorists, most notably the underwear bomber on 
a Northwest Airlines flight into Detroit in 2009 and the shoe bomber in 2001, it 
seems that aviation terrorists are still filled with plenty of amateurs. 

It is important to the professional aviation security practitioner to remember 
the key incidents that have occurred and pose a threat to aviation, so that practi- 
tioners remember why certain security measures are in place and can articulate 
those reasons to policy makers who may seek to retract or nullify the security mea- 
sures. Additionally, the general public is typically more willing to go along with 
the inconveniences associated with aviation security when the public can remem- 
ber why the security measures are necessary. Few forms of crime or terrorism per- 
petrated in the aviation industry are completely new, although certain tactics and 
motives may change. By learning from the past, security practitioners may be able 
to project what to do in the future, to stay one step ahead of the next attack. The 
ensuing sections are intended to provide aviation security practitioners with: 


1. A basic overview of aviation security incidents. 
2. Explanations of the impacts of aviation security’s watershed events. 
3. The relevance of lessons-learned. 


Criminal and terrorist acts against aviation started with the first hijacking in 
1931 and possibly the first airline bombing in 1933. Airport attacks including 
attacks on airline offices started in the late 1960s. The eras of attacks on aviation 
can be subdivided into four basic periods: 


1930—79 

1980—90 

1990—2001 

Post-September 11, 2001 (9/11). 


PON> 


Before the 1960s, most hijackers were motivated by a desire to escape from 
some form of persecution or prosecution or a hostage taking to extort money. 
Hijacking a flight to Cuba or Mexico from the United States was common and 
usually intended to provide an escape from prosecution for a crime. By the early 
1970s, extradition treaties between Cuba and the United States effectively ended 
this practice; however, hijackings continued with new motives. In the 1950s and 
1960s, airline bombings were also rare, and when they occurred, they were usu- 
ally motivated by insurance fraud. 

By the 1960s, hijackings turned deadly and soon became standard operating 
procedure (SOP) for Middle Eastern terrorist groups who often used the tactic to 
leverage hostages for the release of political prisoners and to call attention to their 
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cause. Consequently, as the United States and other governments began to 
develop responses to hijacked aircraft, hijackings became a dangerous 
endeavor—more so for the hijackers than the hostages. For a period of time in the 
1960s, hijackings occurred at the rate of approximately 10 per year, the majority 
ended with the shooting deaths of the hijackers by airline security officers, local 
police, FBI agents, or military personnel. Some hijackings ended in negotiated 
surrenders, but very few ended in the safe passage of the hijackers to a country 
with a nonextradition policy. Throughout the late 1960s and early 1970s, passen- 
ger and carry-on baggage searches became SOP, which reduced the occurrence of 
both hijackings and bombings, for a period of time. 

By the 1980s, hijackings or bombings over US soil were rare, but hijackings 
and bombings of US-flagged airlines on international routes were routinely targets 
of air terrorism. 

The 1980s were also characterized by two of the deadliest airline bombings: 
Air India Flight 182 in 1985 and Pan Am Flight 103 in 1988. In the late 1980s, 
an airline employee brought a gun onto a company aircraft and downed the plane, 
killing all 44 on board. Combined, these incidents would result in the passage of 
the Aviation Security Improvement Act of 1990, which set the foundation for 
security practices in the United States for the next 6 years. 

Throughout the 1990s, hijackings and bombings continued primarily overseas. 
The crash of TWA Flight 800 off Long Island, New York, in 1996, which was 
not attributed to an attack, resulted in the White House Commission on Safety 
and Security and the passage of the Aviation Security and Anti-terrorism Act of 
1996. Some changes were made as a result of the Act, but the aviation security 
system in the United States was fundamentally the same system in place in 1990. 
The terrorist attacks on 9/11 would signify the first major aviation security inci- 
dent in more than 10 years. 

Subsequent to 9/11, there have been other forms of attack on aviation, such as 
man-portable air-defense systems (MANPADs) and suicide bombings (outside the 
United States), along with several attempted bombings both against US aviation 
and international carriers, along with a few successful attacks, most notably active 
shooter incidents at airports. An abundance of legislation continues to reshape the 
aviation security system,” resulting from the massive loss of life and negative eco- 
nomic impact of 9/11. Every year, more legislation is introduced (not all of it suc- 
cessful), and the Transportation Security Administration (TSA) continues to 
modify regulations through the use of Security Directives and other means. 

Overall, hijackings have been the preferred method of air terror, constituting 
nearly 90% of all attacks. However, with the exception of 9/11, airline bombings 
have taken more lives. As such, the majority of aviation security regulations and 
policies focus on protecting aircraft. Only about 5% of all attacks on aviation have 





Since 9/11, several significant legislative acts have passed that have affected aviation security 
policy and practices, including the Homeland Security Act of 2002 and the National Intelligence 
Reform Act of 2004. 
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been attacks on or at an airport. Since 9/11, the number of attempted hijackings 
has fallen significantly while airline bombings continue to be attempted. 

In 1999, Ariel Merari, professor of psychology at Tel Aviv University and one 
of Israel’s leading academic experts on terrorism, concluded that the effectiveness 
of aviation security measures had little effect. Merari concluded that the average 
hijacker had an 81% chance of actually seizing control of an airliner, whereas the 
success rate of bombing an airliner was 76% (Wilkinson and Jenkins, 1999). 
Furthermore, Merari stated that it was not widespread negligence or indifference 
by security personnel that were the problems, but a lack of foresight and the lim- 
itations of getting actionable intelligence to airport and aircraft operators. This is 
important, because the 9/11 Commission’s findings stated there was a “failure of 
imagination” and noted significant problems in obtaining intelligence information 
from the Federal Aviation Administration (FAA) and then transferring that infor- 
mation to airport and aircraft operators who could implement protective measures. 

Somewhat hauntingly familiar is an internal investigation of the TSA’ s screen- 
ing effectiveness, which was leaked in 2015, revealed that undercover investiga- 
tors were able to smuggle mock explosives or banned weapons through 
checkpoints during 67 out of 70 tests, a failure rate of 95% (Fishel et al., 2015). 
At the time, the TSA was in between leadership, as former US Coast Guard 
Admiral Peter Neffenger was in the process of moving through confirmation hear- 
ings, to become the next TSA Administrator. Upon appointment, one of his 
changes was to refocus TSA screeners from trying to keep passenger throughput 
quick and efficient to looking for prohibited items. Neffenger established a new 
2-week training program for screeners at the Federal Law Enforcement Academy 
in Glynco, GA, in the hopes of obtaining better results (Van Cleave, 2016). 

When carefully studied, previous attacks on aviation and non-aviation targets 
can sometimes provide insights into future methods of attack. As an example, the 
suicide bombings committed on two Russian airliners in August 2004 were not 
the first instances of suicide bombings. In June 1975, 29 years before the Russian 
airliner bombings, 63 passengers and 5 flight crewmembers were killed when a 
saboteur carried a bomb on board a Philippine Airlines aircraft and detonated it in 
the lavatory. In this case, the pilot survived and managed to land safely. Three 
years later, the same airline experienced another suicide-bombing attempt. 
However, this time the bomb only killed the saboteur when it blew the attacker 
out of the aircraft at 24,000 feet (Gero, 1997). Even the 9/11 terrorist attacks 
were not without precedent. The concept of hijacking an aircraft and crashing it 
into a target on the ground, or at least into the ground, was not new, with at least 
three attempts in the early 1970s and another attempt in 1994. 

In previous editions of this text, it was noted that in two separate incidents, crim- 
inals shot passengers waiting in ticket lines in the Los Angeles International Airport 
and the New Orleans International Airport, and that security practitioners should 
focus on the tactics and strategies that will mitigate similar future attacks. Security 
professionals should also expand the implications and outcomes of such an attack if 
perpetrated by an organized, trained, and heavily armed group. Contingencies can 
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then be developed to handle both small- and large-scale forms of attack by orga- 
nized terrorists. In 2013, another active shooter incident occurred at the LAX air- 
port, this time in Terminal 3. The shooter killed TSA agent Gerardo Hernandez, and 
injured three others, before he was shot and wounded by LAX police. Worldwide, 
there has been a rise in organized active shooter incidents, including attacks in 
Paris, France and in San Bernardino, CA. In response, airport police throughout the 
United States have devised, or revised, their active shooter response protocols. 

A traditional mistake the aviation security industry seems to make is that it 
often does not learn from close calls or near tragedies. In 1999, Ahmed Ressam 
attempted to detonate an improvised explosive device at Los Angeles 
International Airport. It was only through the curiosity and diligence of a Port 
Angeles customs inspector that Ressam was caught. The attempt did nothing to 
fundamentally change the protections already in place at US airports. One may 
ask if, had the attempt been successful, airport operators would have been given 
new directives concerning the protection of their facilities. 

Finally, threats from individuals working inside the aviation system represent one 
of the most dangerous forms of attacks on aviation. The possibility that an airport or 
airline employee will be the primary or supporting actor in an attack on aviation is 
frightening from several perspectives. First, aviation employees are entrusted with 
protecting passengers from both safety and security risks. Second, aviation employ- 
ees have greater knowledge about how the aviation security system operates, and in 
some cases may have detailed knowledge of how law enforcement handles hijack- 
ings, bombings, and other attacks. Third, aviation employees have approved access 
to airports and aircraft and thus may bypass many of the airport’s security layers. 

Some of the most significant aviation security incidents, including the hijack- 
ing of TWA Flight 847, the downing of PSA Flight 1771, and the bombing of Pan 
Am Flight 103, involved individuals working within the airport system. Although 
these events occurred in the 1980s, some of the very first hijackings also involved 
airport and airline employees, either as a facilitator or as the assailant. 


1930—60: THE FIRST 30 YEARS 


The first recorded hijacking occurred on February 21, 1931, in Arequipa, Peru. 
Armed revolutionaries approached Byron Rickards and demanded use of his air- 
craft (a Ford Tri-Motor). However, Rickards refused the use of his plane for sev- 
eral days. Finally, the revolutionaries informed Rickards that their uprising had 
been successful and he was free to go, provided he flew one of their members to 
Lima, Peru. This, arguably, was a hijacking because the revolutionaries forced the 
unauthorized use of an aircraft.’ The hijacking demonstrated a fundamental 





3Air piracy is defined under 49 U.S.C. 1472i (reference (p)) as any seizure or exercise of control, 
by force or violence, or threat of force or violence, or by any other form of intimidation and with 
wrongful intent, of an aircraft within the special aircraft jurisdiction of the United States. Hijacking 
is a modern term for air piracy. 
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precept in aviation security—criminals and terrorists will assess new technologies 
(in this case, aviation) and determine if those technologies can improve their 
chances for success. 

There are parallels between this first hijacking and the potential to use UAVs 
to commit acts of unlawful interference, or in the space commercialization 
industry—that is, terrorists see a new method of transportation that is drawing 
significant attention, so they may decide to make use of the new technology for 
their own purposes. This was seen in the early 1990s, as Osama bin Laden 
assessed the possibility of using agricultural aircraft to deliver chemical or biolog- 
ical weapons. The possibility of arming a UAV and then flying it into an aircraft 
or using it to commit a crime, such as flying a drone carrying an explosive over 
security assets to a target site or to an individual, are all within the realm of possi- 
bility. Future terrorists may seek to sabotage a commercial space launch, and the 
Defense Nuclear Detection Organization has previously shown interest in the 
ability of a terrorist to bring a nuclear device into the United States using a 
general aviation aircraft, which would potentially bypass radiological and chemi- 
cal sensing equipment in place at numerous US border areas. 

The first airline bombing occurred in 1933, when a United Airlines Boeing 247 
was destroyed en route from Cleveland, OH, to Chicago, IL, killing all seven indi- 
viduals on board.“ Investigators determined that a nitroglycerin-based explosive 
detonated by a timing device destroyed the aircraft. In this case, no one was prose- 
cuted for the attack (Gero, 1997). At the time of the 1931 hijacking in Arequipa, 
Peru, and the aforementioned Boeing 247 bombing, there were no passenger or 
baggage screening requirements. Passengers arrived at the airport and boarded the 
aircraft without any security screening. Regulations addressing these types of avia- 
tion security concerns would not begin until 1971, nearly 40 years later. 

Insider threat is not new to the aviation industry: in 1949, a pilot and hijacker 
worked together to hijack a Hungarian Airline flight. In 1958, airline flight crew- 
members hijacked two aircraft and flew the planes to the United States. In 1966, 
a hijacker on a flight en route from Santiago de Cuba to Havana turned out to be 
the aircraft’s second officer. There have been numerous occurrences throughout 
aviation’s history when an “insider” facilitated or assisted in an attack on avia- 
tion; although recently, the topic is getting more attention than ever before. 

In the 1940s and 1950s, commercial aviation was still in its infancy and 
crashes, while not frequent, still occurred. Airports installed insurance kiosks 
inside their terminal buildings so that passengers could purchase insurance on 
themselves before departure. However, criminals used insurance kiosks to commit 
insurance fraud. At the time, the forensic abilities of investigators and law enforce- 
ment agencies were not always capable of determining if an airplane crash was an 





“There may have been an earlier bombing in March 1933 over Dixmude, Belgium, when an 
Armstrong Whitworth Argosy trimotor aircraft caught fire and crashed, killing 12 passengers and 3 
crewmembers. Investigators determined that a fire started in the rear of the aircraft in a passenger’ s 
suitcase or in the lavatory. However, sabotage was never proven conclusively (Gero, 1997). 
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accident or an intentional event. The airline bombings in 1949 marked the begin- 
ning of a series of insurance frauds involving commercial aircraft. 

Aircraft-related bombings for insurance scams reached great significance in 
1955 with the bombing of United Airlines Mainliner Flight 629. A bomb 
destroyed Flight 629 while departing Denver’s Stapleton International Airport to 
Portland, OR. All 44 on board perished, including Daisie Eldora King, the mother 
of John Gilbert Graham. An investigation determined that Graham had placed 
dynamite inside his mother’s luggage in an attempt to claim more than $37,000 in 
life insurance money.’ Grant’s trial determined him guilty of murder. Shortly 
after the Graham bombing, another individual, Julian Frank, insured himself in an 
attempt to will money to his relatives. Frank blew up his flight by carrying dyna- 
mite within his carry-on bag. 

Insurance-related attacks can also be construed as “passenger-dupe” scenarios. 
This form of attack uses a passenger who unknowingly brings explosives onto an 
airplane in his or her luggage. The passenger-dupe scenarios eventually led to the 
development of “first-level” passenger profiling. This profiling policy introduced 
two of the most common questions asked by security personnel in air travel en 
route before 9/11: 


1. Has anyone unknown to you asked you to carry an item on this flight? 
2. Have any of the items you are traveling with been out of your immediate 
control since the time you packed them? 


Between 1947 and 1953, there were 23 hijackings worldwide. Europeans seek- 
ing various forms of political asylum committed most of these hijackings. In the 
United States, between 1930 and 1967, 12 hijackings were attempted; 7 of these 
attempts resulted in successful hijackings (Moore, 1976). Providing firearms and 
related training to airline pilots in the United States became an additional layer of 
security designed to prevent hijackings. While the arming of pilots after 9/11 is a 
heavily contested industry issue, the first recorded case of an armed pilot shooting 
a hijacker occurred on July 6, 1954. A 15-year-old stormed the cockpit of an 
American Airlines DC-6 at the Hopkins Municipal Airport in Cleveland, OH 
(Gero, 1997). The captain of the flight was carrying a .380-caliber pistol in his 
flight bag, as required by US postal regulations, and shot and killed the hijacker 
(Moore, 2001). In the early days of mail carriage, postal carriers were required to 
be armed, which included pilots of aircraft transporting mail. 


1960—80: THE EARLY “JET AGE” 


Fidel Castro’s rise to power coupled with the lack of passenger or baggage 
screening requirements in the 1960s and early 1970s established a period of 





°Graham was executed in the Colorado gas chamber in 1957. The story may have been the inspira- 
tion for the 1970 Arthur Haley novel and 1973 movie Airport. The actual investigation and details 
of the entire incident are covered excellently in Andrew Field’s 2005 book. 
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prolific hijackings. More than 240 hijackings or attempted hijackings were related 
to flying to or from Cuba between 1960 and 1974. This increase in hijackings 
resulted in the US Congress passing the Anti-hijacking Act of 1974, mandating 
passenger and carry-on baggage screening. Even after the Act went into effect, 
there were still 60+ hijacks or hijacking attempts involving Cuba between 1974 
and 1989. 

In 1961, Antuilo Ramierez Ortiz used a gun to force the flight crew of a 
National Airlines’ jet to divert to Cuba, and thus became the first US hijacker 
(Department of State, 2006). Soon after, President John F. Kennedy ordered 
armed law enforcement officers into the skies, thus creating the first air marshal 
program. US Congress also approved legislation mandating the death penalty or 
20 years in prison for hijacking an aircraft.° In 1971, the US regulations covering 
aviation were amended to include Federal Aviation Regulation Part 107 Airport 
Security, which made airports responsible for protecting the airfield from unlaw- 
ful intrusion. 

The years between 1968 and 1973 marked the peak of hijackings and use of 
antihijacking measures. During that time, the US Department of Transportation 
(DOT) estimated that 364 total hijackings occurred worldwide. The majority of 
hijackings throughout this period were for one of three reasons: political asylum, 
release of prisoners, or financial gain. In 1968, 19 of 22 hijackings concluded in 
Cuba with the majority hijacked while on intrastate routes in the United States. 
The high rate of hijackings caused the FAA to create a task force to study meth- 
ods to deter future hijackings. Their findings resulted in the first hijacker profile, 
along with limited use of metal detectors to screen passengers. During this time, 
several airlines voluntarily began using walk-through metal detectors, more com- 
monly referred to as magnetometers. The hijacker profile was a set of behaviors 
that hijackers would generally follow after hijacking an aircraft, specifically to 
allow the aircraft to land and let negotiations begin. 

By 1969, the number of hijackings reached an epic proportion. In 1970, 
hijackings to Cuba reached 32 for the year. By the late 1960s and early 1970s, 
the world was moving into the “jet age,” bringing about faster aircraft that could 
carry more passengers and more fuel, meaning hijackers could now fly farther 
and faster and had more hostages on board. Then, the following three attempted 
hijackings occurred in the early 1970s that are eerily reminiscent of the motiva- 
tion and tactics of the 9/11 hijackers. 


1. On March 17, 1970, on board Eastern Airlines Flight 1320 en route from 
Newark, NJ, to Boston, MA, passenger John DiVivo entered the cockpit with 
a gun and ordered the crew to continue flying until the plane ran out of fuel 
and crashed. The flight crew fought back, and First Officer James Hartley, 
who was mortally wounded during the altercation, managed to disarm DiVivo 





Originally organized under the US Marshal Service as sky marshals. In 1985, the air marshal 
program was reestablished under the FAA. 
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and then shot him. Captain Robert Wilbur was injured during the fight but 
still managed to safely land the plane.’ 

2. In 1972, three alleged rapists (including one escaped convict) took over a 
Southern Airways DC-9 as it departed Birmingham, AL. The hijackers 
demanded $10 million dollars and directed the plane back and forth over the 
country. At one point, the hijackers threatened to crash into a nuclear facility 
in Oak Ridge, TN. The 31 passengers were held for 29 hours. The first officer 
was shot and wounded before the ordeal ended (Moore, 1976, pp. 13—14). 

3. In 1974, another individual would attempt to hijack an aircraft—this time with 
the intent to crash it into the White House. Samuel Byck, using a stolen pistol, 
shot and killed Maryland airport police officer Neal Ramsburg at 
Baltimore— Washington International Airport. Byck then boarded a Delta 
Airlines DC-9 and ordered the pilots to take off and fly low toward 
Washington, DC. Byck intended to crash the plane into the White House in an 
attempt to assassinate President Richard Nixon. When the pilots refused to 
take off, Byck shot both pilots, killing the first officer, and then ordered a 
passenger to help the pilot fly the plane. An FBI agent, using the fallen police 
officer’s .357-caliber pistol, fired through a window in the aircraft’s door and 
killed Byck. 


Another characteristic of hijackings during the 1960s and 1970s was that there 
were often only one or two hijackers who used guns, grenades, bombs, and in 
some occasions simply the threat of having a bomb to take over a flight. 
Response to hijackings was similarly straightforward—in El Paso, TX, officers 
attempted to shoot out the tires of a hijacked Continental Airlines jet. 

A key lesson that US law enforcement agencies learned from numerous hijack- 
ings was to keep hijacked aircraft on the ground. Once a hijacked aircraft is airborne, 
the crisis is more ephemeral and risky. Hijacked aircraft can land outside a country’s 
jurisdictional authority, create hazards to air navigation, and serve as a weapon of 
mass destruction (WMD). An airborne hijacked aircraft is essentially a roving crime 
scene in progress, with huge dynamics and random elements at play. 


MIDDLE EAST AND ASIA 


In the Middle East, there were few bombings in the 1960s and 1970s, but when an 
aircraft was bombed it usually resulted in the complete loss of the aircraft and all 
on board. Hijackings in the Middle East occurred less frequently than what was 
experienced in the United States, yet they resulted in greater loss of life and over- 
all destruction. Middle Eastern hijackings focused on extorting the release of pris- 
oners or on delivering a political message rather than flight to another country. 
The first hijacking of a commercial flight in the Middle East was on an 
unlikely target—the Israeli airline El Al (Gero, 1997). On July 23, 1968, three 





7DiVivo was convicted and sent to prison, where he committed suicide in October 1970. 
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gunmen hijacked El Al Flight 426 en route from Rome, Italy, to Tel Aviv. These 
gunmen claimed to be members of the Popular Front for the Liberation of 
Palestine (PFLP). The aircraft was forced to land in Algiers where negotiations 
began with the hijackers demanding the release of certain Arab prisoners. A news 
crew was already on hand when the plane landed in Algiers, demonstrating the 
power of a hijacking as a tool to attract worldwide attention. No one was killed 
during the hijacking, and within a few days the hijackers released all the prisoners 
even though Israel did not release any Arab prisoners. As a result of this hijack- 
ing, Israel implemented the strictest security measures on El Al of any air carrier 
and also adopted a retaliation policy toward those groups who seek to harm 
Israeli citizens (Gero, 1997). 

Six months later, terrorists again attacked an El Al flight while on the ground 
at Athens, Greece. Two terrorists armed with automatic weapons and hand gre- 
nades boarded the airliner. One person was killed, another injured, and substantial 
damage was done to the aircraft. Because of these attacks and hijackings, El Al 
began implementing the practice of escorting taxiing flights with armed personnel 
in vehicles. Additionally, in retaliation for the attack, Israeli commandoes raided 
the airport in Beirut, Lebanon, and destroyed a dozen Lebanese-registered aircraft 
(Gero, 1997). As of this writing, there has never been another successful hijacking 
of an El Al airliner (Walt, 2001). 

Attacks in the Middle East on commercial aviation were not restricted to 
hijackings. In 1969, gunmen sprayed an El Al jet taxiing at the Zurich-Kloten air- 
port with machine gun fire. An armed passenger on board the flight opened one of 
the aircraft doors and returned fire (Gero, 1997). 

From 1969 to 1970, there were a few other Middle East related hijackings, 
mostly for extortion or transportation, along with a couple of airline bombings, but 
nowhere near the rate of hijackings that were occurring in the United States during 
the same period. There were several other hijackings throughout Europe and Asia, 
mostly in the Soviet Union or its associated territories. 


DAWSON’S FIELD 


On September 6, 1970, teams of Palestinian hijackers departed from three separate 
airports with the intent to hijack three aircraft en route from Europe to the United 
States. Members of the PFLP intended to land the aircraft at a remote airfield and 
hold the passengers hostage in an attempt to negotiate the release of other PFLP 
members held in jails throughout Europe and in Israel. The first hijack attempt was 
conducted on board El Al Flight 219 from Amsterdam to New York on a B-707 
when hijackers Patrick Arguello and Leila Khaled attempted to take over the 
aircraft. Khaled had prior experience hijacking aircraft and had previously 
undergone plastic surgery to change her appearance. In an interview for the 
documentary Hijacked (Ziv, 2006), Khaled stated that she knew the airline would 
have armed guards, but that her team believed the guards would be afraid because 
the hijackers were armed with hand grenades and guns (Ziv, 2006). 
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Before takeoff, the El Al security chief and airline station manager identified 
four suspicious passengers. The date of ticket purchase, last-minute arrival times 
at the airport, sequential numbering of two of the passports, and other anomalies 
(not expanded on in the reference) caused suspicion. The captain of the flight was 
consulted about the suspicious passengers and decided to allow Khaled and 
Arguello on board but denied boarding for the other two. 

Twenty minutes into the flight, Khaled and Arguello initiated a hijacking 
using grenades and pistols. They threatened the flight attendants in an attempt to 
get the flight crew to open the cockpit door. A security officer was already jump- 
seating in the cockpit. However, Captain Lev decided that rather than opening the 
door, he would execute a “negative G pushover” of the 707 by suddenly pushing 
the aircraft control stick forward, causing anyone and anything not strapped down 
to quickly float to the top of the aircraft cabin. In the subsequent confusion, pas- 
sengers and security personnel overwhelmed the hijackers. An air marshal shot 
and killed Arguello (a Nicaraguan-American) and passengers subdued Khaled. 
The aircraft made an emergency landing at the London Heathrow International 
Airport where Khaled was arrested. 

Earlier the same morning (September 6, 1970), hijackers took over TWA 
Flight 74 (a Boeing 707) from Frankfurt, Germany, to New York, and Swissair 
DC-8 from Zurich, Switzerland, to New York. The two aircraft totaled more than 
300 hostages, mostly American citizens (Ziv, 2006). After they had been removed 
from the El] Al flight, the two hijackers bought tickets and boarded Pan Am Flight 
93, a B-747, from Amsterdam, the Netherlands, to New York. The Pan Am cap- 
tain conducted a pat-down search of the passengers but did not find their grenades 
and pistols, which were hidden in the groin area of each hijacker. Further details 
on the search are not available. 

Shortly after takeoff, the two Palestinians successfully hijacked the flight. The 
B-707 and DC-8 were flown to an abandoned airstrip at Dawson’s Field, Jordan 
(renamed Revolution Airport by the PFLP). The B-747 was flown to Cairo, 
Egypt, where it was wired with explosives while still in flight. All of the passen- 
gers and crew evacuated immediately upon landing, and within minutes the air- 
craft exploded. Egyptian police arrested the hijackers. 

Then, on September 9, a BOAC VC-10 was hijacked as leverage to negotiate 
the release of Leila Khaled, the hijacker who had been caught earlier in the week 
attempting to hijack the El Al flight. The VC-10 was also brought to Dawson’s 
Field, and all 500 passengers were confined inside the aircraft for several days. Six 
days later, the passengers were deplaned and the terrorists used explosives to 
destroy the three aforementioned aircraft at Dawson’s Field while TV cameras 
recorded the event. The various airlines involved lost millions of dollars in assets. 
Authorities released Khaled about a month after the BOAC VC-10 hijacking, in a 
hostage trade deal in exchange for the passengers on the VC-10. This example was 
characteristic of the type of hijack response strategy used in the United States. In 
an interview years later, Khaled said that she was under orders not to injure or kill 
any passengers. 
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A premise in hijackings before 9/11 was that hijackers used hostages and air- 
craft as bargaining tools. The assumption was that hijackers were more interested 
in an outside cause (escape, extortion, political message) than in using the aircraft 
as a guided missile. Thus, before 9/11 the goal of flight crews during a hijacking 
was to land the aircraft so authorities on the ground could take over negotiations. 
This assumption does not work in a post-9/11 world where aircraft are used as 
WMD and hostages are merely victims (or obstacles) to the end result. 


AIRPORT ATTACKS 


Airport attacks are the third major form of attack against the global aviation sys- 
tem. The focus of the aviation security system has historically been to protect air- 
craft. Airports have not received as much attention, partially because airports 
have not been the frequent targets of terrorists, the way aircraft have. However, 
airports provide shelter, services, and various levels of security to aircraft while 
they are on the ground. Airports are where passengers and airline employees 
make the transition from land transportation to flight (and back again), holding 
hundreds and in some cases thousands of individuals at a time, and are the transit 
point for more than 30,000 flights a day in the United States. A disruption or 
shutdown of a US commercial-service airport can result in disruptions throughout 
the national airspace system. Airports are public facilities where screening is not 
required for entry into a US airport, which thereby increases the possibility for 
anyone to enter the facility with guns, grenades, or other explosive devices and 
attack a large citizenry. In addition, there are multiple avenues of access to an air- 
craft that bypass traditional screening processes, such as catering and mainte- 
nance. Airports are national assets, essential to the proper function of the aviation 
security system, and thus deserve considerable protection. 

The most common form of airport attack has largely been an individual or a 
group armed with automatic weapons and explosives (usually hand grenades) 
storming the public area of an airport terminal or in some cases the airfield. One 
of the most significant airport attacks occurred in 1972 at Lod International 
Airport in Tel Aviv, Israel. In this case, three terrorists of the Japanese Red Army 
recruited by the PFLP opened fire in the baggage claim area killing 26 people 
and injuring dozens more (BBC News, 1972). In 1973, Palestinian terrorists shot 
their way through the Rome, Italy, airport, destroying an aircraft. More than 30 
people died in that attack. 

In the United States, an airport shooting led to a hijacking in 1972. In the 
attack, bank robbers shot their way onto an Eastern Airlines jet at the Houston 
Intercontinental Airport (Gero, 1997). The bank robbers, a father and his two 
sons, killed a ticket agent along with a bank manager and a police officer (at the 
bank) and wounded another airline employee in the process." 





The hijackers forced the flight crew to take them to Cuba. The hijackers returned to the United 
States 3 years later and were sentenced to 50 years in prison. 
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In the Middle East, there were several occurrences of terrorist teams that 
would storm an airfield, start shooting, and toss explosives at aircraft parked on 
the ramp. In 1973, Palestinian terrorists destroyed a Pan Am B-707 in Rome, 
Italy, by tossing incendiary bombs into the parked aircraft. The fire caused the 
deaths of 30 passengers and a flight attendant. 

Another form of airport attack is the use of bombs placed in airport public-use 
lockers. In 1974, a bomb blast killed two skycaps and several others at Los 
Angeles International Airport. The bomb was placed in a locker between the Pan 
Am and Korean Airline ticket counters (United Press International, 1974). In 
1975, 11 people died and 75 were injured when a bomb exploded in a public 
locker at LaGuardia Airport in New York (Springer, 2002). Forensics teams deter- 
mined the explosive force was the equivalent of 25 sticks of TNT or plastic 
explosive, triggered by an alarm clock. The use of public locker facilities was dis- 
couraged for several years before authorities permanently discontinued their use 
in the mid-1990s. Lockers in the sterile area are routinely used but are usually 
restricted to individuals with higher Department of Homeland Security (DHS) 
security levels. 


OTHER NOTABLE LESSONS FROM THE 1970s 


Several noteworthy incidents occurred at the end of the 1970s. On November 15, 
1979, a mail parcel containing a bomb exploded in the cargo hold of American 
Airlines Flight 444 en route from Chicago, IL, to Washington, DC. Authorities 
later traced the bomb, which had a barometric trigger switch, to Ted Kaczynski 
(aka, the Unabomber) (Khan, 1999). This may have been the first time in the 
United States that a bomb was placed on board an aircraft as air cargo, but there 
are other earlier recorded instances on non-US-flagged carriers. Today, air cargo 
security has been the focus of much attention and rulemaking; however, there 
have been very few aircraft bombings where the bomb was put on board using air 
cargo. Terrorists have placed most bombs on aircraft using carry-on strategies 
(eg, duping a passenger or using suicide bombers) or in checked baggage. The 
2010 Yemen Air Cargo plot demonstrated one of the most recent attempts at plac- 
ing bombs on commercial aircraft via cargo and has caused additional scrutiny 
and a rush to implement preventative measures to keep bombs from being intro- 
duced to passenger aircraft via air cargo. 

Criminals and terrorists are highly adaptive and imitative. In 1971, when 
D. B. Cooper (Fig. 2.1) parachuted out of an airplane he had just hijacked and 
held for ransom, 19 other parachute-from-an-airplane hijacking attempts followed. 
Boeing, the manufacturer of the aircraft experiencing the parachute hijackings, 
installed the Cooper Vane, which prevented the rear air stairs from being lowered 
in flight, thus eliminating the ability of a hijacker to parachute to safety. The 
Cooper Vane did not stop hijackings but rather motivated hijackers to develop 
new tactics (Gladwell, 2001). 
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When improvements in passenger and baggage screening made boarding con- 
cealed guns and grenades more difficult, hijackers discovered alternative methods, 
such as having cleaning and catering personnel bring weapons and explosives on 
board aircraft. Strategies such as positive passenger—baggage matching have pre- 
vented bombers from checking a bag with a bomb hidden inside without person- 
ally boarding the aircraft. In response, terrorists adjusted their strategies and 
recruited suicide bombers who were willing to die for their cause, or they placed 
bombs inside the suitcases of unsuspecting passengers. This example demonstrates 
the challenge of aviation security to implement policies and strategies that prevent 
the existing threat, while also anticipating how future threats will be developed 
and implemented. 

Aviation was not safe from the world of “narco-terrorism” as demonstrated in 
1989 when an Avianca B-727 was destroyed en route from Bogata to Cali, 
Colombia, killing all 107 people on board, including 5 police informants. Medellin 
cartel drug lord Pablo Escobar may have orchestrated the bombing as part of a 
campaign to eliminate informants, police, and politicians (Marshall, 1997). The 
bombing brought attention to the already heated drug war between the Colombian 
government and the drug cartels. Throughout the 1980s and into the 1990s, drug 
traffickers used aviation to transport narcotics. Although the use of general avia- 
tion aircraft for the transportation of drugs is well known, there was also a substan- 
tial amount of narcotics smuggled on board commercial airliners (commercial 
airliners continue to be used extensively for smuggling and transporting illegal 
narcotics throughout the world). Local drug lords have frequently paid airline 


FIGURE 2.1 


Artist's rendition of D. B. Cooper. 
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employees with access to the cargo and baggage holds of commercial aircraft to 
smuggle narcotics onboard. Air carrier security managers soon realized that the 
ease with which drugs could be smuggled on board demonstrated the ease with 
which bombs could also be placed on board. 

In March 1979, a hijacker in Tucson, AZ, allowed the passengers to deplane 
during a fuel stopover. Unbeknownst to the hijacker, the flight crew escaped 
through the cockpit windows by using emergency escape ropes. Seven years later, 
a similar incident occurred where the flight crew escaped during the hijacking but 
with slightly different results. On September 5, 1986, 17 people died on Pan Am 
Flight 73, a B-747, during an attempted hijacking by terrorists dressed to resem- 
ble airport security guards. With 379 passengers onboard, the aircraft sat on the 
tarmac of a Karachi, Pakistan airport. When the terrorists fired the first shots, the 
captain and his flight crew used the emergency escape ropes to leave the aircraft.” 
Their escape was concurrent with FAA recommendations for flight crew actions 
during a hijacking, which was essentially to leave the plane if able and thereby 
“disable” the aircraft (Wallis, 1993). 


1980—90: A NEW WAVE OF ATTACKS BRINGS A NEW WAVE OF 
REGULATIONS 


Several devastating attacks on aviation characterized the decade of 1980—90. 
These attacks caused significant changes to security policies and practices both in 
the United States and around the world. Airline bombings occurred at unprece- 
dented levels of frequency and fatalities. Hijackings turned even deadlier, and 
there were several more attacks on airports. By 1990, new policies had been 
implemented, and overall attacks on aviation decreased significantly throughout 
the 1990s. This extended lull in activity may have contributed to a false sense of 
trust in the aviation security system leading up to the 9/11 attacks. 

The 1980s started with a new round of hijackings from the United States to 
Cuba setting a new record of 18 in 1980. In the first hijacking of that year, flight 
attendants exercised their ability to egress from a flight. When the Delta Airlines 
L-1011 was on the ground in Havana (after being hijacked during its flight from 
New York to Atlanta, GA) and the hijacker was in the cockpit, the flight atten- 
dants and most of the passengers escaped through a floor hatch. The hijacker then 
demanded that the aircraft take off, but authorities had parked a truck in front of 
the plane to prevent it from moving (Gero, 1997). 

In what was becoming a popular and rather effective technique, many of the 
hijackings in 1980 were implemented by individuals who threatened to have an 
explosive but did not actually have one. Among the more “entertaining” threats 
was one hijacker whose bomb turned out to be a piece of soap. Another hopeful 
hijacker had two red sticks with the word “TNT” scribbled on the side. During 





Eventually, 22 people, including two Americans, would die during the standoff. 
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this time, hijackers developed a new technique—they would use a flammable 
liquid, such as gasoline or rubbing alcohol, and then hijack the flight by spreading 
it around and threatening to light it. This technique was used numerous times in 
the early 1980s. 

Today, flammables are prohibited on board commercial aircraft and newer 
technologies are being developed to determine if the contents of bottles that pas- 
sengers bring on board are indeed dangerous. When new passenger and carry-on 
baggage screening requirements made it more difficult to smuggle a weapon or 
explosive onboard, hijackers began bluffing to passengers and crews that they 
either had access to a bomb or gun, in an attempt to hijack the flight. This type of 
hijacking continues to occur, as recently as 2009 and 2016. In 2009, a man took 
over an AeroMexico flight by threatening to blow up the plane, although he had 
neither bomb nor gun, and in 2016 a man on an EgyptAir flight hijacked the 
plane with a fake suicide bombers vest—the crew complied with his demands, 
while the hijackers complied with the demands of several passengers and flight 
crew to have a “selfie” taken with him. 

Hijackings in the United States hit another peak in 1983, with an estimated 15 
that year. The FAA restarted the air marshal program around 1985, about the 
same time hijackings in the United States ended, but internationally, they contin- 
ued to rise. Two other security incidents are noteworthy as they involved person- 
nel with authorized access to the aircraft or airport property. On May 3, 1986, a 
bomb destroyed a Sri Lanka Lockheed L-1011 while the plane was on the ground 
at Colombo Airport, killing 20. Authorities arrested an airport customs officer, 
sympathetic to a separatist movement, and charged the officer with sabotaging 
the aircraft. The positive identification and monitoring of airport and airline per- 
sonnel are important concerns to aviation security practitioners, especially 
because those with authorized access have caused destruction and deaths in the 
past, and their access privileges allow them to routinely bypass many of the exist- 
ing security systems designed to protect aircraft. 

The 1980s also brought more airport attacks. In 1981, terrorists planted three 
bombs at JFK airport in New York. One was booby-trapped inside a briefcase and 
left inside a men’s restroom, killing a young man when it exploded. Two other 
bombs, one in a public terminal area and one in a women’s restroom, were discovered 
before they exploded (New York Police Department, 2006). These bombs were 
planted by the Armed Forces of National Liberation, a Puerto Rican nationalist group. 

Then, on December 27, 1985, armed gunmen attacked two airports simulta- 
neously in an active shooter scenario. The public terminal areas of the Rome and 
Vienna airports were stormed by revolutionaries most likely associated with the 
Abu Nidal!’ terrorist organization (BBC News, 1985). This was also the second 





10 Abu Nidal fronted the Fatah Revolutionary Council, generally considered the world’s most feared 
terrorist organization before the rise of al-Qaeda, responsible for over 900 deaths in more than 
20 countries. Nidal was found dead under mysterious circumstances in Iraq in August 2002 
(BBC News, 1985). 
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active shooter attack on the Rome airport that year. These attacks targeted passen- 
gers waiting at the El Al ticket counter with the use of gunfire and grenades. In 
these attacks, 18 people died and more than 120 were injured. To this day, the ter- 
minal building at the Leonardo da Vinci International Airport is heavily guarded 
with tactical police officers carrying submachine guns and wearing body armor. 
Officers patrol both from a catwalk above the public area of the terminal and on 
the passenger level. 

In 1986, Anne Marie Murphy was attempting to take a flight from London 
Heathrow International Airport to Tel Aviv on El Al. She was traveling to meet 
the parents of her fiancé who, she did not know, was secretly a Syrian intelligence 
agent. Her fiancé told her not to allow her bag to be searched but did not tell her 
what was in it. Through the profiler interview process that is conducted on all 
passengers before boarding an El Al flight, security officials determined that 
something was amiss and searched her luggage. They found plastic explosives 
hidden in the lining of the suitcase, and validated, to an extent, the security pro- 
cess of behavioral profiling. The 1980s saw four significant events in the history 
of aviation security, which involved TWA Flight 847, Air India Flight 182, PSA 
Flight 1771, and Pan Am Flight 103. 


TWA Flight 847 

On June 14, 1985, Shiite Muslim terrorists hijacked TWA Flight 847, a Boeing 
727 en route from Athens, Greece, to Rome, Italy. The hijacking of Flight 847 
would provide several lessons in the handling of hijacking incidents for years to 
come. Making the flight even more noteworthy was the capability of mass media 
to bring the episode in real time to the viewing audience. The hijacking became 
an event on the evening news for several weeks, with stirring images of terrorists 
leaning out the cockpit window threatening the pilot with a gun. '' 

“We’ve got a hijack,” announced the second officer aboard TWA Flight 847 
from Athens to Rome. Those chilling words began one of the most famous hijack- 
ings in the history of aviation. At its conclusion, this hostage crisis spanned thou- 
sands of miles of airspace, involved several governments, directly affected the 
operations at three major airports, turned a flight attendant into a folk hero, 
resulted in the death of a US serviceman, and gave rise to Hezbollah. 

While in flight, hijackers pounded on the cockpit door and started kicking out 
the lower panel of the door, while the second officer Christian Zimmerman tried to 
hide the emergency fire ax stored in the cockpit. He did not know what weapons 
the hijackers had but did know that he did not want to provide them with another 
one (Testrake and Wimbish, 1988). In 1985, the concept of suicide hijackers was 
not considered, and the tactic of using deadly force to protect the flight deck was 
not part of the common strategy to handle hijackings. The flight crew finally 





"The ordeal is retold by Testrake and Wimbish (1988) in their book Triumph over Terror on 
Flight 847, which also provides good lessons for anyone involved in a hostage taking. 
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opened the door after being informed by flight attendant Uli Derickson that the 
hijackers were now beating several passengers. 

Two hijackers, armed with guns and grenades, stormed inside, demanding to 
travel to Algiers. Captain Testrake commented that his immediate concern was 
that one of the hijackers was holding hand grenades and that both hijackers were 
very nervous. The hijackers also wanted access to the radio, which was still out 
of range of Beirut, but that did not stop them from broadcasting their demand of 
the release of 800 prisoners being held in Israel. 

Throughout the first several minutes of the hijacking, the assailants kept 
control by running up and down the aisles, yelling and punching passengers at 
random. When the hijackers left Captain Testrake and his crew alone in the cock- 
pit for a few moments, the crew notified air traffic control of their situation and 
then tried to find a map and compute fuel requirements for the detour to Algiers. 
Because none of the flight crew spoke Arabic and neither of the hijackers spoke 
English, there was a substantial communication gap. A third hijacker who did 
speak English had missed the flight and was arrested in Athens earlier that 
day (the hijackers also demanded his release). However, Captain Testrake 
soon learned that one of the hijackers spoke German and, fortunately, so did his 
chief purser, Derickson. When Captain Testrake told the hijacker there was not 
enough fuel, the hijacker thought the captain was trying to trick them but was 
soon convinced that it was true. The hijackers then ordered the flight crew 
to head to Beirut instead. Captain Testrake was grateful because he knew the 
plane was safer on the ground, particularly if one of the grenades detonated 
(Testrake and Wimbish, 1988). Some interesting points regarding this hijacking 
include: 


1. The hijacking occurred very quickly and violently. 

2. The hijackers inflicted physical pain and mental fear on passengers as a 
successful strategy for gaining access to the flight deck. 

3. The pilots hid the fire ax in the cockpit. 

4. The flight attendant was immediately involved in the hijacking, both as a 
reluctant advocate for the hijackers’ requests to enter the flight deck and as 
the chief communicator. 

5. The pilots knew the safest place for the aircraft was on the ground. 


En route to Beirut, the hijackers noticed the empty holder that once held the 
crash ax. They demanded to know where it was, and Zimmerman told them the 
plane was not equipped with one. The hijackers then kicked out the doorknob on 
the cockpit door to prevent the flight crew from locking them out. Also en route 
the hijackers kept themselves busy by beating passengers, mostly with a chair 
arm they had ripped from Zimmerman’s seat. Their favorite targets for beatings 
were a passenger who was a member of the US military, Zimmerman, and on 
occasion, First Officer Mascera. However, Captain Testrake was never hit, which 
he later speculated may have been a sign of respect that he was the captain or the 
fact that he was flying the plane. The hijackers also made the passengers sit in an 
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uncomfortable position with their heads down on their laps. Whenever a passen- 
ger looked up to stretch, the hijackers beat the passenger back into position. 

Approaching Beirut, the tower controllers closed the airport and refused 
Testrake permission to land. At the time of this hijacking, the ICAO did not clas- 
sify a hijacked aircraft as an aircraft in distress. An aircraft classified as in dis- 
tress would have received protection and services provided by international 
treaties, such as allowing the hijacked aircraft to land and rendering all available 
assistance. 

Only after repeated pleas by Testrake, who at one point did declare that his 
aircraft was in distress, did controllers allow the plane to land. Testrake taxied to 
the refueling area, but when the fuel trucks did not arrive quickly, the hijackers 
resumed beating Robert Stethem (Fig. 2.2), a passenger who was a member of the 
US Navy. Finally, the fuel trucks arrived, and the beating ceased, for the time 
being. Testrake attempted to negotiate for the release of the women and children. 
Although the hijackers would not agree with his request, Derickson’s natural 
negotiating skills did succeed, and soon 19 women and children were released to 
Beirut authorities (Testrake and Wimbish, 1988). 

The plane took off, heading to Algiers, but the flight crew ran into the same 
problem in trying to land, as Algerian flight controllers temporarily refused 
landing permission. They eventually relented, and Algerian military forces 
quickly surrounded the plane. The hijackers negotiated for hours with Algerian 
officials over the radio about the need for more fuel. When negotiations were 
failing, the hijackers beat more passengers until finally a fuel truck arrived. One 
“amusing” moment did occur when the fuel truck driver refused to fuel the 
plane unless paid with a Shell Oil credit card. Derickson surrendered her 





FIGURE 2.2 
Petty Officer Robert Stethem. 
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Shell Oil gas credit card and $6000 of Jet-A fuel was charged to her account 
(which TWA later covered). 

In Algiers, the hijackers continued beating passenger Stethem, but they 
allowed 21 more passengers to go free for “humanitarian reasons.” Loaded with 
fuel, the plane headed back to Beirut. While en route, Captain Testrake got up to 
stretch but immediately had a hijacker waving a gun in his face. Testrake yelled 
back at the man that he was an old grandfather and that his back hurt. The 
hijacker backed down. “It was the same old pattern,” stated Testrake. “If you 
spoke sharply to them, they could act almost like school kids who had been 
caught in some form of mischief and were sorry. But at other times they could be 
unfeeling and brutal ... as we were soon to find out” (Testrake and Wimbish, 
1988, p. 88). 

Approaching Beirut, the flight crew was again not given permission to land, 
and the tower controllers turned off the runway lights. This time the hijackers 
threatened to crash the plane into the presidential palace unless granted permis- 
sion to land, which it eventually was. The hijackers ordered the flight crew to 
stay off the radio out of fear that the US Delta Force rescue team was en route.'* 
Captain Testrake stated that even if Delta Force had attempted a rescue, he still 
feared that people would be killed because one of the hijacker’s carelessness with 
their hand grenades, often pulling the pins out and popping them back in. Delta 
Force was never green-lighted to execute the operation. 

Once on the ground in Beirut, more fruitless arguing between the hijackers 
and Beirut officials took place until one of the hijackers shot Stethem and threw 
his body to the tarmac. It was also reported by author Don Mann that a Navy 
SEAL sniper team had one of the hijackers in their sights, but was never given 
the order to shoot (Mann, 2011). The murder got another Palestinian faction 
involved, the more moderate Amal, and once back in Algiers 14 more terrorists 
associated with Amal boarded the aircraft in the dark of night. 

At one point the hijackers identified passengers with Jewish-sounding names 
and separated them from other passengers. This separation was a frequent occur- 
rence on previous hijackings as there is a long history of animosity by Palestinian 
organizations against citizens from the United States and Israel. When the hijack- 
ers asked flight attendant Derickson’s assistance in identifying US and Jewish 
citizens on the aircraft, she attempted to hide several of the incriminating pass- 
ports (Jewish and US). A doctor was also allowed on board to check the passen- 
gers’ health. The terrorists released the remaining women, children, and male 
hostages from countries other than Israel and the United States, and flight atten- 
dant Derickson was also released in Algiers along with the other flight attendants. 
Derickson’s calmness and actions became a model for flight crew performance 
during a hijacking. 





While the aircraft was making its roundtrips between Beirut and Algiers, US Delta Force opera- 
tives were mobilized in Cyprus, ready for an assault on the plane; however, the assault was not 
approved. 
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Also boarding the flight in Algiers was the third hijacker who had been 
arrested in Athens, Ali Atweh (aka, Ali Atwa). The crew then headed the 
plane back to Beirut. En route, Testrake, who had overheard the hijackers 
talking about going to Tehran, Iran, tried talking with air traffic controllers to 
obtain information from the US Department of State on the ramifications of 
going to Iran. Eventually, Captain Testrake was asked by air traffic control 
to fly to the Larnaca Airport in Cyprus, where the US Delta Force was staged 
and ready to conduct an assault. Testrake also had the chance to broadcast to 
controllers in Tel Aviv and let them know how many hijackers there 
were onboard, how they were armed, and what was going on. However, the 
hijackers soon entered the cockpit and the plane ended up on approach to 
Beirut, again. 

Upon landing in Beirut, the flight crew secretly shut down two of the air- 
craft’s engines and convinced the hijackers that the aircraft could no longer 
fly. More terrorists came on board as the plane sat on the tarmac in Beirut. 
Eventually they even worked out a shift schedule for guarding the plane and 
its occupants. The standoff continued for 18 more days, upon which all hos- 
tages were released. 

Captain Testrake’s actions during the crisis serve as a model of professional 
conduct in the way he took care of his passengers and flight crew and how he 
calmly handled the lengthy hijacking. Ali Atwa, the terrorist responsible for the 
hijacking, was still at large in 2006 and on the Federal Bureau of Investigation’s 
most wanted list. 

Authorities learned several lessons from the hijacking of TWA Flight 847: 


. All attempts should be made to keep the hijacked aircraft on the ground. 

. Flight crew should be trained in emergency safety and security operations. 

3. Flight crew should be trained in crisis management during a hostage or 
security incident. 

4. Despite Captain Testrake’s desire that a rescue not be attempted, flight crews 
must understand that during a hijacking situation they are effectively hostages, 
and as such with the duress involved and the lack of other information, they 
cannot be counted on to decide what actions regarding a rescue should be 
taken. However, flight crews or passengers should attempt to provide 
information to law enforcement agencies that may assist in the decision- 
making process. 

5. Flight crews should take all available information into account when making 

decisions throughout the entire event. Although SOPs should be trained, it is 

the flight crew who must make numerous decisions about whether to follow 
the SOPs or decide if it is safer to deviate from policy. 


N = 


The hijacker responsible for passenger Stethem’s death was caught and 
sentenced to life imprisonment in West Germany, and a navy destroyer, the 
U.S.S. Stethem, was named in honor of Petty Officer Robert Stethem 
(Fig. 2.2). 
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PERSPECTIVES ON HOSTAGE SITUATIONS 


Hostages must be cared for because they provide bargaining power for terrorists and criminals. 
They have food and water needs, toilet needs, and, many times, medical needs. Children and the 
elderly usually require additional attention. Often these needs can work to the favor of negotiators 
seeking to win the release of as many hostages as possible. Even hostages in good physical 
condition pose their own dilemma for hijackers. Although these individuals may be able to 
survive the longest in confinement, they are also the most capable of overpowering the hostage 
takers. 

A dead hostage reduces bargaining power, and killing hostages does not promote empathy for the 
hijackers. When all of the hostages are dead, the situation changes from a hostage scenario to a siege 
scenario, thereby providing more options to law enforcement and antiterrorism agencies. Therefore, 


terrorists and criminals can sometimes be convinced to release hostages in trade for needed items, 
such as fuel, food, and water (for themselves and the hostages), and other supplies. The end goal is 


to secure the release of as many hostages as possible and keep the aircraft on the ground. 





Air India Flight 182 


The flight of Air India 182 was a bellwether to the international community to 
pay attention to aircraft bombings—Air India Flight 182 was actually two bomb- 
ings committed simultaneously on two international flights departing Canada. On 
June 23, 1985, a Boeing 747 en route from Vancouver, Canada, to London 
exploded at 31,000 feet off the southern tip of Ireland, killing all 329 on board 
including 60 children (Jiwa and Hauka, 2006). Around the same time, two bag- 
gage handlers at the Tokyo Narita Airport were killed and four others wounded as 
they transferred baggage from Canadian Pacific Flight 003 to Air India Flight 301 
bound for Thailand. Both flights had originally departed from Vancouver. 

The B-747 was last observed on radar near the Irish coast when it disappeared 
at 7:15 am local time (Ireland). The debris spread across several miles of the 
Atlantic Ocean where water depths reach 7000 feet. Searchers recovered the bodies 
of 132 victims. They also recovered enough wreckage including the cockpit voice 
recorder (CVR) and flight data recorder for investigators to conclude that the air- 
craft’s destruction was due to a bomb in the forward cargo hold (Gero, 1997). 

Authorities suspect that the bomb was loaded on Flight 182 while on the 
ground in Vancouver. Connecting the Narita Airport bombing with the Air India 
bombing was the fact that the same man had made bookings on the two flights— 
CP Flight 003, heading to Tokyo, and CP Flight 60, the flight that would eventu- 
ally connect with Air India and be designated as Flight 182. According to Salim 
Jiwa, an investigative reporter for the Vancouver Province, both explosions were 
planned to occur on the ground, with the intent to only destroy the aircraft and 
not cause fatalities (Jiwa and Hauka, 2006). However, the bomber misjudged the 
amount of time Flight 182 would remain on the ground in Toronto.'* 





'3Jiwa would go on to author Margin of Terror: A Reporter’s Twenty-Year Odyssey Covering the 
Tragedies of the Air India Bombing (Key Porter Books, 2007, Toronto, Canada). 
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In Vancouver, 4 days before the explosions, a man purchased tickets on each 
flight. On June 23, his bags were checked and loaded. The individual checked in 
for CP Flight 60, bound for Toronto, but requested that his bag be checked 
through to Air India Flight 182. The gate agent explained that because he was 
only listed as a standby on the Air India flight, it was not possible to honor his 
request because of the baggage/passenger reconciliation policy, also known as 
positive passenger—baggage matching. The man persisted, and finally the gate 
agent gave in to his demands; the bag was checked through contrary to company 
policy (Gero, 1997). Because of personnel and equipment shortages at Air India, 
the reconciliation process may not have occurred anyway. 

Ultimately, these bombings caused significant changes in the way checked 
baggage would eventually be handled in Canada. The events also changed 
Canada’s view of its role in aviation security. “The Air India tragedy had an enor- 
mous effect on Canada and the Canadian government,” wrote author Rodney 
Wallis (1993) in Combating Air Terrorism. Wallis added: 


The country had been living in an age of innocence until the incident occurred. 
Canada had followed a noncontroversial political role vis-a-vis the world 
scene. No known terrorist organization had a dispute with the Canadians and 
everyone believed the country was remote from any possible terrorist activity. 
The Air India disaster brought home to Canada and the world that these crimi- 
nal acts need not be confined to the geographic location of the real disputes 
... but that any land can be used if it suits the purpose of the criminals. (p. 7) 


After the Air India bombings, screening checked bags became a standard prac- 
tice in Canada. The country implemented a sustainable and affordable five-level 
screening process. All checked bags are first screened by conventional X-ray 
equipment, which can automatically clear about 60% of the bags, and are then 
loaded on the aircraft. The remaining bags continue to be examined through the 
use of additional X-ray machines, visual inspection, and explosive trace and com- 
puterized tomography technologies, until security personnel are satisfied that the 
bags contain no hazardous items or explosives. 


PSA Flight 1771 


In 1987, US Air placed employee David Burke on unpaid leave pending an inves- 
tigation into his alleged theft of $68 from the flight attendant’s onboard liquor 
fund, but the airline did not confiscate Burke’s airline identification badge. These 
provided Burke with the means to access airport facilities and, specifically, to 
bypass the passenger and baggage screening process, a standard procedure for air- 
line and airport personnel at the time. 

Burke’s supervisor commuted to work by air every day to San Diego from the 
Los Angeles area, and Burke knew which flight he would be on. Three weeks 
after his suspension, on December 7, 1987, Burke bypassed screening using his 
employee ID and boarded the flight carrying a .44-magnum pistol. At approxi- 
mately 4:15 pm local time, the air traffic control center in Oakland, CA, noted 
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that PSA Flight 1771 was squawking an in-flight emergency code from its tran- 
sponder and the pilot reported gunshots had been fired in the cabin—a postacci- 
dent investigation by the FBI determined that the shots were from Burke killing 
his supervisor in the cabin. Burke then entered the cockpit and killed the flight 
crew, then himself. The aircraft nosed over and exceeded the speed of sound as it 
dived uncontrollably toward the ground. The high-speed dive overstressed the 
BaE-146’s airframe, and it broke apart. Forty-four people, including Burke, died 
in the ensuing crash. Witnesses on the ground watched the aircraft nose over as it 
plunged to the ground, crashing into a hillside near San Luis Obispo, CA. 

The PSA incident led to rule changes requiring airport and airline employees 
who have been suspended or terminated from employment to have their airport 
access immediately confiscated. The rule changes also mandated that airport and 
airline personnel who access the sterile area via the screening checkpoints must 
undergo the screening process. It did not mandate the screening of those same 
personnel if they accessed the sterile area from the air operations area or security 
identification display area. 


Pan Am Flight 103 


Before 9/11, the tragedy of Pan Am Flight 103 was the deadliest act of aviation 
terrorism ever committed. Although the bombing occurred over the skies of 
Lockerbie, Scotland, many of the passengers were US citizens (Fig. 2.3), which 





FIGURE 2.3 


Memorial to the victims of Pan Am Flight 103 located at Syracuse University, Syracuse, NY. 
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resulted in further scrutiny to the US aviation security system. On December 21, 
1988, a Pan Am Boeing 747 was bombed over Lockerbie, Scotland. The explo- 
sion killed 259 passengers and crew, plus 11 citizens of Lockerbie, Scotland, 
when debris rained down onto their homes. 

The case of Flight 103 began in Malta, where a Boeing 727 labeled as Pan 
Am Flight 103 flew to Frankfurt, Germany. From there, the plane flew to 
London, England, landing at the London Heathrow International Airport, and 
parked next to a Pan Am B-747. The bags from the B-727, along with the flight 
number “103,” were transferred to the B-747. The Department for Transport 
(DfT), the US equivalent of the DOT, required that all baggage leaving the 
United Kingdom be reconciled with a passenger on board the flight. The same 
baggage reconciliation procedure was also in effect at Pan Am and should have 
taken place in Frankfurt, Germany (Wallis, 1993). The practice was in-line with 
ICAO guidance after the Air India bombing in 1985. However, in the case of Pan 
Am Flight 103, the procedure was not followed at either location. 

At approximately 6:25 pm, 25 minutes later than its 6:00 pm departure, Pan 
Am’s Clipper “Maid of the Seas” Flight 103 took off from London Heathrow 
International Airport. The aircraft entered Scottish airspace and climbed to its 
assigned cruising altitude of 31,000 feet en route to New York’s JFK 
International Airport. A bomb containing 450 g (16 ounces) of plastic explosive 
was detonated in the forward cargo hold underneath the first-class cabin. The air- 
craft broke up quickly, with the nose separating from the fuselage in as little as 
3 seconds. The explosion and resulting crash killed everyone on board—259 
passengers and crewmembers and an additional 11 people were killed by falling 
debris in the town of Lockerbie. The dead included 35 students from Syracuse 
University returning from studying abroad in London. Considering that the flight 
was en route to the United States and the large number of American victims, the 
bombing was a tragedy for the United States, as well as for the United Kingdom. 
It would result in sweeping changes to the aviation checked-baggage screening 
practices in the United Kingdom. British aviation security officials have referred 
to Pan Am Flight 103 as “England’s 9/11.” 

Leading up to the disaster, Pan Am airline officials and US authorities knew 
that bombs intended for use against aircraft had been manufactured in West 
Germany. There was also a specific bomb threat against Pan Am, and in 
October 1988, West German police uncovered a bomb-making factory in an 
apartment building with one bomb in the assembly phase. Police determined that 
a large Toshiba cassette radio was to be used to conceal the explosive charge, 
the timing device, and a barometric triggering device, which clearly suggested 
that terrorists would use the device on an aviation target. On December 5, 1988, 
the US Embassy in Helsinki received a detailed bomb threat against a Pan Am 
flight operating between Frankfurt and the United States that would take place 
in the next few weeks (Wallis, 1993). The threat gave details as to the perpetra- 
tors and the method. Although Finnish authorities decided that the threat was a 
hoax, the FAA passed along the warning to Pan Am and other US airlines. 
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Authorities did not warn passengers of the threat. This is a considerable point of 
contention with the families of the victims of Pan Am Flight 103. 

A long-standing policy in aviation security is that authorities should not 
broadcast bomb threats against airlines to the public. The rationale is that if 
bomb threats were made available to the public, passengers would cancel their 
reservations on that flight. Therefore, the act of making a threat, particularly 
on a widespread basis, could theoretically shut down the national airspace sys- 
tem. Making bomb threats to public provides perpetrators with the publicity 
they are seeking and causes financial harm to the airline (Gero, 1997). A study 
of bomb threats conducted between the late 1970s and early 1980s showed that 
in more than 10,000 cases of bomb threats, an actual bomb was never found 
(Wallis, 1993). 

Additionally, the positive passenger—baggage match procedure may have 
caught the bag containing the bomb, as the bag did not have a passenger on board 
to match. However, during the postincident investigation, Pan Am declared that 
the FAA had given the airline an exemption from the required baggage reconcilia- 
tion procedure, a point the FAA disputed. Also, had the bag been X-rayed, in 
accordance with international security policies at the time, the Semtex explosive 
may not have been detected, as conventional X-ray machines could not detect 
that type of explosive at the time. 

The use of the barometric pressure trigger is also significant in the Pan Am 
Flight 103 attack. In this case, the barometric trigger was a tool known to exist 
in the aviation terrorist bomber arsenal. Some airports used pressure chambers 
to predetonate any explosives using barometric pressure triggers. Terrorists 
quickly learned of this technology, and in the case of Pan Am Flight 103, the 
barometric trigger was intended to work in conjunction with the timed trigger- 
ing device. In the bomb that was discovered in West Germany, the barometric 
device acted as a safeguard against the predetonation of the bomb. The baro- 
metric chamber would trigger the timing device, thus preventing the bomb from 
detonating if the aircraft sat on the ground because of an unplanned delay. 
Plus, if the device were subjected to a pressure chamber, it would simply arm 
the timing device, rather than detonate the bomb, thus making detection very 
difficult. In the accident investigation of Pan Am Flight 103, authorities deter- 
mined the triggering device was a simple timer and that a barometric device 
was not used. 

The bombers of Pan Am Flight 103 may have intended to have the bomb deto- 
nate over the water, thus reducing the available evidence of a terrorist attack. 
However, the bomb detonated while the aircraft was over the ground. The delay 
at London Heathrow International Airport may have contributed to the bomb det- 
onating over land, or the bombers may not have known the actual flight path the 
aircraft would take and made the assumption that it would travel directly over 
water after departing. 

The complete accident investigation was conducted with more than 1000 
Scottish police officers collecting more than 10,000 pieces of evidence. The 
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debris spread across an 88-mile corridor.'* Eventually Abdel Basset Ali 
al-Megrahi, who had been handed over by Mohammar Gadaffi, a Libyan intelli- 
gence officer and the head of security for Libyan Arab Airlines, was charged and 
convicted with 270 counts of murder for the crime. He was sentenced to life in 
prison. Megrahi served a portion of a 27-year sentence but was released by the 
Scottish government on compassionate grounds due to being diagnosed with 
terminal prostate cancer; he returned to Tripoli in 2009. 

Three countries were involved in the fallout from Pan Am Flight 103. In the 
United Kingdom, Minister of Transport Paul Channon had already experienced 
numerous rail, sea, and air disasters during his tenure (Wallis, 1993). His depart- 
ment was criticized for failing to pass along warnings to airports and airlines in a 
timely manner. However, Omar Malik, former British Airways captain and chair- 
man of the British Airline Pilots Association, writing on aviation security before 
Lockerbie, noted that the DfT was under-resourced and that advisers often lacked 
expertise in airline security. Malik went on to say that the DfT focused primarily 
on issuing enactments (rules and advice) to airlines and airports. Malik noted poorly 
phrased and composed enactments; for example, “[airlines] should reasonably sat- 
isfy themselves,” which left such enactments open to interpretation (Wallis, 1993). 
Most often, airlines selected the interpretation that was the most convenient, not 
necessarily the interpretation that provided the highest level of security. 
Additionally, most enactments were advisory in nature and, as Malik pointed out, 
airlines do not feel bound to follow advice, because advice is not enforceable. 
Malik’s observations should be given careful consideration, particularly by those in 
an aviation security regulatory capacity (Wilkinson and Jenkins, 1999). 

In the United States, newly elected President George H. Bush established a 
Commission on Aviation Security and Terrorism. As a practical matter, the com- 
mission focused on the destruction of Pan Am Flight 103. In Scotland, the country 
held a fatal accident inquiry (FAI). Both the presidential commission’s findings and 
the findings of the FAI were particularly damning to the aviation security system in 
the 1980s. In the United States, the commission concluded the following: 


1. The US civil aviation security system is seriously flawed. 
2. The FAA is a reactive agency. 





'4In the ensuing accident investigation, the coroner uncovered some chilling facts. The accident 
analysis showed that within 3 seconds of the blast, the aircraft had been torn apart. Further, forensic 
pathologist Dr. William G. Eckert, who conducted autopsies on the victims, believed that more 
than 140 passengers and the pilot himself were still alive as the aircraft hit the ground. There were 
243 passengers on board and 16 crewmembers, led by the pilot, Captain James MacQuarrie, first 
officer Raymond Wagner, and second officer Jerry Avritt. Thirty-five students from Syracuse 
University were also on board, flying home from an overseas study program in London. Five mem- 
bers of the Dixit family, including 3-year-old Suruchi Rattan, were flying to Detroit from New 
Delhi. Suruchi became forever associated with an anonymous note left with flowers at a Lockerbie 
memorial site: “To the little girl in the red dress who made my flight from Frankfurt such fun. You 
didn’t deserve this.” 
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3. Pan Am’s apparent security lapses and the failure of the FAA to enforce its 
own regulations followed a pattern that existed for months before and after 
the tragedy. 

4. The destruction of Pan Am Flight 103 was preventable had stricter baggage 
reconciliation measures been in place to stop any unaccompanied checked 
bags from boarding the flight in Frankfurt. 


The 182-page report recommended a top-to-bottom revamping of the govern- 
ment’s airline security apparatus. The report stated that positive passen- 
ger—baggage matching is the bedrock of any heightened civil air security 
system. However, airline lobbyists worked to keep the process out of the 
domestic air carrier security program for another 11 years because of the 
perception that it would slow down flight operations (Wallis, 2003). The com- 
mission called for the creation of an assistant secretary position for transporta- 
tion security within the FAA, which would later become known as the 
associate administrator for aviation security and would focus on security and 
intelligence issues. The commission also called for research and development 
of explosives detection systems to be a top priority and for special federal 
security managers to be appointed and employed at the nation’s busiest 
commercial-service airports. This presidential commission resulted in the 
Aviation Security Improvement Act of 1990. 

Just weeks after the Pan Am Flight 103 bombing, the FAA implemented 
new security measures for airlines that flew out of Western Europe and the 
Middle East, including positive passenger—baggage matching. However, even 
FAA administrator T. Allan McArtor admitted that the new procedures would 
not have detected the plastic explosive that brought down Pan Am Flight 103 
(McAllister and Parker, 1988). This type of response is what security expert 
Gavin de Becker, in his book Fear Less, termed a “Category Two” response to 
a security threat (De Becker, 2002). De Becker declared that all security precau- 
tions fall into two categories: a Category One security response is implemented 
to reduce risk and a Category Two security response is implemented to reduce 
anxiety. De Becker stated that both types of responses have meaning and 
purpose, but they are not the same. For example, after the 1999 Columbine 
High School shootings in Colorado, many other school officials installed 
closed-circuit TV cameras around their high schools. However, at the time of 
the shootings, Columbine High School had numerous security cameras, which 
did not prevent the shootings. De Becker speculated that Category Two 
responses are used in the United States because the American public seems to 
say, “they’ve taken steps, looks good,” and then goes “back to sleep.” Aviation 
security practitioners should be diligent in the types of security measures being 
implemented and mindful as to whether the procedures are intended to actually 
reduce risk or simply to reduce anxiety. In the aviation industry, Category Two 
responses get the public flying again, whereas Category One responses help 
protect passengers from acts of aggression. 


Air Terrorism Through the Ages 


Author Rodney Wallis noted in his book Combating Air Terrorism that “Many 
government civil aviation officials around the world have been apt to issue direc- 
tives with little or no effort being made to ensure their terms are understood” 
(1993, p. 37). Furthermore, Wallis pointed out in his post-9/11 book How Safe 
Are Our Skies? that the baggage bomb has been the chosen weapon of the sabo- 
teur for more than two decades (Wallis, 2003). Although the policy of positive 
passenger—baggage matching does not deter suicide bombers, it does at least 
require bombers to commit to their own death or that of an accomplice. Pan Am 
Flight 103 taught authorities the following lessons: 


1. Known threat information must be distributed to those who can act upon the 
information, and those who have the ability to act have the responsibility to 
act, regardless of government regulations. 

2. When a new threat against aviation occurs, regardless of its location, policies 
and procedures must be reviewed throughout the aviation community, with the 
understanding that certain locations and airlines will have higher risk levels 
because of various geopolitical factors. Higher-risk flights should incorporate 
additional security measures such as the use of additional screening. 

3. Security policies and procedures should be adhered to, such as the practice 
of positive passenger—baggage matching. 

4. Government regulators, in a position of both providing guidance on adhering 
to regulations and advising on security policies and procedures, should have 
an understanding of airport and airline operations and, further, should focus 
on providing specific information that is clearly worded and enforceable. 

5. There was a pattern of the FAA, which was charged with protecting aviation 
from sabotage, of not enforcing regulations consistently. 

6. Good security is part of fiscal responsibility and results in cost savings for 
the company. Although the Pan Am bombing was a huge tragedy in the loss 
of life, the failure of the airline to provide a secure aircraft for its 
passengers, just as it has the responsibility to provide a safe aircraft, ended 
up costing the airline billions of dollars. Considering insurance companies 
paid the lawsuits, insurance for aircraft operations also increased 
substantially, thereby increasing the operating cost for all other airlines. 

7. Policies and procedures can become relaxed over time when there is not an 
apparent threat. 

8. Security measures must be evaluated to determine if they are intended to 
actually reduce risk or to reduce the public’s anxiety about flying. 

9. Technologies in place to detect weapons and explosives should actually 
detect the threats that are prevalent at the time (ie, conventional X-ray 
machines used to detect explosives could not detect the types of plastic 
explosives that were becoming more common in aviation sabotage). 

10. There were numerous warnings of a potential bomb being placed aboard a 
commercial aircraft, even specifying the airline and the type of device. 
Warnings should be heeded and given careful consideration. 
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The last lesson, and an appropriate closure to our discussion of the tragedy of 
Pan Am Flight 103, was highlighted by Omar Malik in the following narrative: 


Finally, aviation’s long tradition of safety consciousness had not, in 1988, been 
extended to security consciousness and commitment ... given the remoteness of 
the probability of a terrorist attack on any specific flight, many of [the pilots] 
adjusted their priorities accordingly. Responsibility for these attitudes rested 
not with such managers but with the senior managers of the airline who deter- 
mine corporate culture ... staff attitudes to security are as important as security 
regulations and procedures. Regulations and procedures are the building blocks 
of security; personnel attitudes are the cement ... which holds the blocks 
together. 

Wilkinson and Jenkins, 1999, p. 121 


1990—2001: A FALSE SENSE OF SECURITY 


By 1990, a decade of deadly terrorist attacks on aviation came to a close. This 
period was followed by more than 10 years of relative calm in global aviation 
security. With the lack of any significant or successful attacks in the United 
States and on the aviation security system, travelers and some within the aviation 
security community slipped into a false sense of security. The mid-1990s did 
bring a few notable attacks and incidents, some on aviation and some that were 
not directly related to aviation but still affected aviation policy. Examples include 
the crash of TWA Flight 800, the bombing of the World Trade Center (WTC) in 
1993, and the bombing of the Murrah Federal Building in Oklahoma City, OK, in 
1995. 

The attack on the WTC, Murrah Federal Building, and a similar vehicle bomb 
attack on the US Air Force Khobar Tower barracks in Saudi Arabia acted as the 
catalysts for the 300-foot rule, which was put into place at US airports in 1995. 
The 300-foot rule creates a clear zone around airport terminals and air traffic con- 
trol facilities where vehicles are not allowed to park or be unattended. The dis- 
tance was based on a Bureau of Alcohol, Tobacco, Firearms, and Explosives blast 
analysis. This rule caused major problems for airport operators around the coun- 
try, because most airports were not designed naturally with a 300-foot buffer. As 
part of this rule’s enforcement, authorities rapidly positioned barricades around 
the airport and officials towed vehicles within 300 feet of terminal buildings and 
checked the vehicles using canine explosive detection teams. Airport revenues 
also suffered as travelers moved to offsite parking locations or had friends and 
associates drop them off at the airport. 

The WTC, Murrah Federal Building, and US Air Force Khobar Tower attacks 
also prompted many airports to conduct blast analysis studies and incorporate pro- 
tective measures into their building construction and design. One change is 
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credited with helping to save lives when American Airlines Flight 77 struck the 
Pentagon on 9/11. 

After the bombing of the Murrah Federal Building in 1995, many government 
structures, including the Pentagon, replaced their glass windows with a higher- 
strength safety glass. Military leaders and Pentagon renovation specialists credited 
the blast-resistant windows, incorporating laminated glass and the steel structure 
that supported them, with saving many lives. Pentagon renovation program com- 
munications specialist Brett Eaton stated, “The new blast-resistant window system 
installed in Wedge | supported the floors directly above the impact for approxi- 
mately 30 minutes after the attack, allowing hundreds of people to flee to safety” 
(DuPont, 2003, p. 2). Some airports, such as Ben Gurion International Airport in 
Israel, also use various types of safety glass in their terminal structure. 


FedEX FLIGHT 705 


On April 7, 1994, Auburn Calloway, a pilot for FedEx, attempted to hijack a flight 
from his own airline. Practitioners can learn several lessons from this attempt, in 
terms of the reactions of the flight crew and the importance of employee security 
measures including background checks, workplace violence education, and early- 
intervention programs. 

Calloway was catching a ride on FedEx Flight 705, a common practice known 
as “jump-seating,” which is a known perk of working for an airline or air cargo 
operator. Believing that he would soon be fired, Calloway brought a guitar case 
containing several hammers, a knife, and a spear gun. Calloway was also a mar- 
tial arts expert. He divorced in 1990, had two children, and had been having diffi- 
culty making his financial commitments. FedEx officials had recently informed 
him that there was a discrepancy in his pilot records, which could have soon 
resulted in his termination of employment. He was asked to stop by his supervi- 
sor’s office and discuss the problem at his next available opportunity. 

Faced with significant financial obligations and now the potential loss of his 
job, Calloway took out a life insurance policy on himself; next he plotted to 
attack a flight crew of a FedEx flight and then crash the plane into the ground. 
The large life insurance policy would take care of his family, but part of the suc- 
cess of the plan meant making the crash look like an accident. There is also some 
speculation that he considered crashing the aircraft into the FedEx headquarters 
building in Memphis, TN, but that would have not assisted in his attempt to make 
the crash look accidental. Calloway’s attempt on FedEx Flight 705 was thwarted 
by the sheer willpower of the three-person flight crew, who, although severely 
wounded, fought Calloway for nearly 30 minutes while continuing to fly the plane 
to a successful emergency landing in Memphis. 

Calloway was scheduled to be part of the Flight 705 crew. However, he and 
his fellow crewmembers went past their allowable duty time, so another crew was 
assigned. Calloway’s initial plan was to fly on Flight 705 as the second officer, 
thereby reducing the number of people he would have to fight—the male pilot 
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and the female first officer. As the second officer, Calloway would also have the 
control of the CVR breaker switch, which could have enabled him to shut off the 
CVR, thus hindering crash investigators in determining the cause of an accident. 
It is suspected that Calloway attempted to turn off the CVR anyway, as second 
officer Andy Anderson noted twice that he observed the CVR breaker switch in 
the off position. 

When Calloway boarded the flight, he was not searched. Air cargo pilots 
do not undergo screening the way many airline pilots do when they access the 
sterile area. The cargo area of most airports is located away from the passenger 
terminal facility, therefore, there is not a sterile area. Most cargo pilots are only 
required to go through a security-controlled door to access the tarmac and 
aircraft. 

Shortly after takeoff as the aircraft completed its climb to cruise altitude, 
Calloway entered through the open cockpit door and hit the second officer several 
times in the head with a hammer. He then quickly turned and struck first officer 
Jim Tucker in the head with a hammer. Calloway next turned his attention to the 
captain, who began wrestling with Calloway for control of the hammer. Calloway 
then left the cockpit momentarily but returned with the spear gun. The second 
officer grabbed the protruding spear, and he and the captain pushed Calloway out 
of the cockpit and into the galley. The first officer, despite a severe head injury, 
took over the controls of the aircraft. 

While at the controls, the first officer began a series of violent flight maneu- 
vers meant to keep Calloway off balance and out of the cockpit. Eventually, the 
captain and second officer were able to temporarily subdue Calloway, long 
enough for the captain and first officer to switch places and get the plane turned 
back toward Memphis. 

Calloway recovered slightly and continued fighting the two flight crewmem- 
bers until the plane landed at Memphis. All three flight crewmembers survived, 
but their injuries ensured they would never fly again. There are several important 
points to this incident: 


1. Calloway was serving as a flight crewmember after he had been notified of a 
discrepancy that could result in his termination from employment. 

2. Calloway was a martial arts expert and had the advantage of surprise and the 
ability to strike his victims several times before they could fight back; 
however, the three men were still able to fight and subdue him. No matter 
how bad their injuries, they never gave up the fight. 

3. Calloway used weapons and tools that he hoped would not have caused 
investigators to suspect foul play. However, in numerous crashes and 
bombings, investigators have still been able to find evidence of foul play, 
even when the aircraft was at the bottom of the ocean, as in Air India Flight 
182. If Calloway meant for a crash to appear as an accident, it is likely that 
there would have been enough evidence from the plane crash, or certainly the 
will he left on his bed, to suspect foul play. 
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4. The first officer used the aircraft and extreme maneuvering to keep control of 
the situation. Although many airline flight procedure manuals state that pilots 
are not to use violent maneuvers during an air piracy attempt, it appears to 
either be a natural reaction, a preferred form of self-defense by pilots, or the 
most available and efficient means to attempt to control what is happening. In 
interviews conducted with several pilots for this textbook, they all stated that 
regardless of what “the book” says, they would not hesitate to use extreme 
maneuvering to keep hijackers off balance. In 1970, an El Al Airline pilot 
used this tactic to avoid a hijacking, and even the hijacker on United Airlines 
Flight 93 used this tactic in an attempt to keep the passengers from storming 
the cockpit on 9/11. 

5. A violent blow to the head with a hammer does not necessarily end the fight. 
All the flight crewmembers and Calloway himself were hit repeatedly in the 
head with hammers, but all continued to fight. 

6. Commercial aircraft are constructed so that during an emergency it is easy to 
get out, but not as easy to get in without a boarding bridge or air stairs. Since 
9/11, some airport law enforcement agencies have developed “raider” trucks, 
specially designed pickup trucks that have air stairs, which can rapidly unfold 
as the truck approaches an aircraft door. This allows law enforcement 
personnel the ability to rapidly access the aircraft, as compared to using the 
slower-moving standard air stair vehicles. 


Calloway was charged with air piracy. He pleaded temporary insanity, but a 
jury disagreed and sentenced him to life in prison without the possibility of 
parole. 


OPERATION BOJINKA (THE MANILA AIR PLOT) 


Operation Bojinka was actually a series of terrorist attacks planned to occur in 
1995. The attacks included the bombing of 12 US airliners over the Pacific 
Ocean, a plot to assassinate both Pope John Paul II and President Bill Clinton, 
and a plot to crash a Cessna general aviation aircraft filled with explosives into 
CIA headquarters. The key player in the Bojinka plots was the mastermind behind 
the 1993 bombing of the WTC, Ramzi Yousef (Fig. 2.4). 

After the WTC bombing, Yousef fled to Pakistan and continued to evade cap- 
ture for the next 2 years. Also known as the Manila Air Plot, Yousef had planned 
for bombers to board 12 Asia-based flights bound for the United States, assemble 
and arm their devices, then debark at stopovers. The bombs would be timed to 
detonate when the aircraft were over water. Yousef had already tested airport 
security measures by smuggling nitroglycerine in contact lens bottles secreted in 
his shoes. In fact, the 9/11 Commission used Yousef’s test as an example of the 
inadequacy of airport metal detectors and X-ray machines to detect the bombs 
that Yousef intended to use. 
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FIGURE 2.4 


Ramzi Yousef. 


Had Yousef been successful, 12 airplanes, each carrying an average of 250 pas- 
sengers, would have been destroyed, killing more than 3000 people, which would 
have nearly matched the total number of fatalities in the 9/11 attacks. Yousef’s 
next step was to test his device on an actual airplane. On December 11, 1994, 
while aboard a Tokyo-bound Philippines Airlines flight, Yousef planted a bomb 
under the seat with a digital watch timer, mainly to see if the timing device 
worked. Yousef again made it through airport security concealing the bomb and 
bomb-making materials. The aircraft flew from Manila to Cebu, where Yousef, 
who assembled the device in the airplane lavatory, departed the plane upon land- 
ing, leaving the bomb under seat 26 K. 

Later, after the plane had again taken off, the bomb detonated, killing the 
Japanese businessman sitting in 26 K and injuring 10 others. The plane managed 
to make a safe emergency landing in Okinawa. Yousef also bombed a theater in 
the Philippines as another test. Although his experiment worked, the airline bomb- 
ing plot was thwarted when an associate of Yousef’s accidentally set fire to the 
kitchen in his apartment while his associate was mixing chemicals. Police conduct- 
ing the investigation went through laptop computers that had been seized from the 
apartment, along with other evidence that revealed the details of the plot. More 
details were soon revealed, such as Yousef’s tie-in with fellow 9/11 conspirator 
and al-Qaeda operative Khalid Sheikh Mohammed, who was also involved in the 
plot, but neither he nor Yousef were at the lab when it burned. He and Yousef had 
also planned to bomb US-bound cargo flights by sending jackets containing 
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nitrocellulose! as cargo. Yousef was later arrested in Pakistan, brought to the 
United States, and stood trial in the 1993 bombing of the WTc.'° An interesting 
sidebar to this story is that in the original WTC bombing the explosive device 
included cyanide gas, which Yousef had included in the hopes of causing massive 
casualties. The cyanide gas evaporated in the truck bomb explosion. This is evi- 
dence of an attempt by a terrorist to use a chemical WMD in the United States. 

The case of the Manila Air Plot highlights the importance of flight crews 
searching an aircraft before departure and ensuring that individuals who depart an 
aircraft take their belongings with them. If they are returning to the same flight, 
flight crews must ensure that all de-boarded passengers do return. Although this 
does not prevent suicide bombers, it does help to prevent “leave-behind” bombs 
from being placed on an aircraft. The issue of inadequate airport screening equip- 
ment in detecting the threats of the time would be addressed a year later after the 
crash of TWA Flight 800. 


TWA FLIGHT 800 


On July 17, 1996, TWA Flight 800 departed JFK International Airport in New 
York bound for Paris. Shortly after takeoff, the Boeing 747 crashed off the coast 
of Long Island, NY (Fig. 2.5). Although the crash was determined not to be 
caused by a bomb or missile strike, it did result in significant changes to the US 
aviation security system. 

Within moments after the crash, dozens of security experts were on TV reso- 
lute in their conviction that the crash was the result of a terrorist attack, either a 
bombing or a surface-to-air missile. This theory was further supported when 
investigators found residue from explosives of the same type that had been used 
in a previous bombing. After a 16-month investigation, the FBI concluded that 
the explosives residue was left from a canine security training exercise and that 
the surface-to-air missile some witnesses said they spotted was most likely a trail 
of fuel igniting as the aircraft exploded. Eventually, the National Transportation 
Safety Board (NTSB) investigators would suspect a faulty centerline fuel tank 
issue as the cause of the explosion. In the length of time it took to ascertain that 
the crash was not related to a security incident, the US government took action as 
if it were a security issue. President Bill Clinton soon established the White 
House Commission on Aviation Safety and Security, led by Vice President 
Al Gore and commonly referred to as the Gore Commission. 





‘Nitrocellulose is a highly flammable compound, which is also a form of smokeless gunpowder 
often used for magician’s flash paper and in early photographic film processing. It also has medicinal 
uses but can be fashioned into a propellant or low-order explosive. For nitrocellulose to operate as an 
explosive, it must first be detonated by a high-order explosive such as a detonator or blasting cap. 
'©Yousef was convicted and is currently serving a life sentence at “Supermax,” in Florence, CO. 
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FIGURE 2.5 
Investigators reconstruct TWA Flight 800. 





FLIGHT CREW SUICIDES 


Airline flight crews undergo some of the most in-depth background checks, which 
often include psychological evaluations, as part of the hiring process. However, like 
most individuals, pilots experience life-related problems—and these problems 
include the risk of suicide. Sometimes a suicidal individual will want to murder 
others before, or while, taking his or her life. Unfortunately, when these problems 
manifest within a pilot, he or she has the ability to affect the fate of many others. 
These types of incidents, regardless of whether they are classified as terrorism, are 
the most difficult to thwart because the perpetrator already has access to the airport, 
the aircraft, the cockpit, and the knowledge of how to fly and control the plane. 

In 1997, a Boeing 737 operated by SilkAir with 104 passengers and crew on 
board departed Jakarta-Soekarno-Hatta International Airport in India. While cruis- 
ing at 35,000 feet, the plane promptly began a rapid descent, breaking up over the 
Musi River Delta. NTSB investigators believed that the captain may have switched 
off both flight recorders (voice and data) and nosed the aircraft over when the first 
officer left the flight deck. The captain may have been struggling with several per- 
sonal and financial issues at the time (Flight Safety Foundation, 1997). 

In 1999, a Boeing 767 operated by EgyptAir departed Los Angeles 
International Airport with 217 passengers and crew on board. The flight was 
bound for Cairo, Egypt, with a stopover at Kennedy Airport in New York. 
Approximately 30 minutes into the flight, the relief first officer took the controls 
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and the primary first officer and captain both left the flight deck. According to 
the NTSB’s investigation, the relief first officer made several control inputs 
resulting in the aircraft going into a severe dive and soon exceeding the plane’s 
maximum airspeed. The relief first officer repeated the phrase “I rely on God” 
several times. When the captain returned, he asked what was happening but the 
relief first officer kept repeating the phrase. Although there was apparently an 
attempt by the captain to recover the aircraft from the dive, it crashed into the 
Atlantic Ocean south of Nantucket Island, MA (Flight Safety Foundation, 1999). 

There have been other suicides by flight crew, including another incident in 
1999 when an Air Botswana captain boarded an ATR-42 turboprop aircraft, took 
off with no passengers or other flight crew on board, and flew around the airport 
demanding to speak to the country’s president. The pilot threatened to crash into 
the other parked aircraft and eventually did so, eliminating the Air Botswana air- 
line fleet. 

Unfortunately, there is little that passengers on board a commercial airliner 
can do to prevent a pilot from committing suicide. By the time most passengers 
determine something is wrong with their flight, the aircraft would likely be head- 
ing toward the ground. This type of aviation threat, which includes the FedEx 
Flight 705 attack, is best handled with thorough background checks and educating 
managers and personnel on workplace violence and early-intervention programs. 


THE MILLENNIUM BOMBER 


In December 1999, Ahmed Ressam was arrested at the Port Angeles, WA, dock 
when he attempted to smuggle a VBIED through the Customs area. He intended 
to set off the device at the international arrivals Bradley Terminal Building at Los 
Angeles International Airport. He was caught when a suspicious Customs agent, 
Diana Dean, noticed that Ressam was acting “hinky.” As inspectors took a closer 
look at his vehicle, they noticed several green bags filled with a white-powder 
substance. Suspecting narcotics, they initiated a pat-down search of Ressam, at 
which point he wrestled out of their custody and took off running. He was caught 
after a short foot chase and later sentenced to 22 years in prison after being con- 
victed for trying to plant a bomb at Los Angeles International Airport. 

During the search of his trunk, before inspectors realized they were dealing 
with a bomb, one inspector vigorously shook a jar containing a brown liquid. 
Upon shaking the jar he noticed Ressam, now in custody in a police car, suddenly 
ducked down. Later, it was discovered that the jar contained nitroglycerine, 
intended to be used as a triggering device for the VBIED. Although there was vir- 
tually no way of knowing what was in Ressam’s trunk, this is an important lesson 
for anyone responsible for conducting a vehicle search. The 300-foot rule was 
instituted in the 1990s in response to the Oklahoma City and WTC bombings, 
and Ressam’s attempt demonstrates that the use of a VBIED against an airport 
has been considered and attempted. 
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SEPTEMBER 11, 2001 


On the morning of September 11, 2001, 18 operatives from the al-Qaeda terrorist 
network hijacked four commercial airliners over the continental US. Two of the air- 
liners struck the north and south towers of the WTC in New York City. Another 
airliner struck the side of the Pentagon in Washington, DC. The fourth airliner was 
retaken by the passengers and crashed in a field near Shanksville, PA. The US avi- 
ation system was immediately shut down. Nearly 6000 aircraft were ordered to 
land immediately at the closest airfields. Only military and essential emergency or 
government flights (like Air Force One) were allowed into the air for the next sev- 
eral days. The attack triggered US offensive operations in Afghanistan and Iraq and 
sweeping changes to the aviation security system, both in the United States and 
overseas. The following timelines are taken from The 9/11 Commission Report: 


1. 7:59 am (EDT). American Airlines Flight 11, a Boeing 767, departs from 
Boston Logan Airport heading to Los Angeles with 5 hijackers on board. The 
leader of the 9/11 attacks, Mohammad Atta, and another hijacker had flown 
from the Portland Jetport in Maine earlier that morning to Boston. 

2. 8:38 am. The Boston air traffic control center notifies the North American 
Aerospace Defense Command’s (NORAD) Northeast Air Defense Sector 
(NEADS) that American Airlines Flight 11 had been hijacked. With 
81 passengers, 9 flight attendants, and 2 pilots on board, the Boeing 767 
diverted from its assigned course and headed eastbound toward 
New York City. 

3. 8:46 am. NEADS scrambles fighter jets to intercept American Airlines Flight 
11. However, just 40 seconds later, the airliner crashes into the North Tower 
of the WTC. By 10:29 am the North Tower (1 WTC) completely collapses. 

4. 8:14 am. United Airlines Flight 175, a Boeing 767, departs from Boston 
Logan Airport bound for Los Angeles with 5 hijackers on board. The 9/11 
report estimates the aircraft was hijacked between 8:42 am and 8:46 am. 

At 8:52 am, a flight attendant on board notifies United Airlines national 
headquarters that the flight has been hijacked, and it turns toward New York 
City. By 8:55 am, the FAA in New York suspects a hijacking. 

5. 9:03 am. United Airlines Flight 175, with 56 passengers, 7 flight attendants, 
and 2 pilots, crashes into the South Tower of the WTC (2 WTC), killing all 
on board and more in the tower. The South Tower collapses at 9:50 am. 

6. 8:20 am. American Airlines Flight 77, a Boeing 757, departs from the 
Washington Dulles Airport bound for Los Angeles, with 5 hijackers on board. 
The 9/11 report estimates the hijacking occurred between 8:51 am and 8:54 am. 
The aircraft turns south, then back toward Washington, DC. At 9:05 am, 
American Airlines is aware that Flight 77 has been hijacked. At 9:25 am, the 
FAA orders all nonmilitary aircraft to land immediately and cancels all flights. 

7. 9:32 am. Dulles Tower controllers spot a fast-moving flight on radar 
(American Airlines Flight 77). At 9:34 am, NEADS is advised that American 
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Airlines Flight 77 is missing. Three minutes later, American Airlines Flight 77 
crashes into the Pentagon, killing everyone on board, including 58 passengers, 
4 flight attendants, and 2 pilots, plus an additional 125 people in the Pentagon. 

8. 8:42 am. United Airlines Flight 93, a Boeing 757, departs from the Newark 
Liberty International Airport bound for San Francisco, with 4 hijackers on board. 
At 9:24 am, United Airlines sends a text message via ACARS” to all of its 
flights, including Flight 93, to be alert for possible cockpit intrusions. Flight 93 
responds to the message asking for clarification. The 9/11 report estimates 
the Flight 93 hijacking occurred at approximately 9:28 am, just minutes after 
the flight received the text message warning. There are 40 passengers on the 
flight, including a pilot, a judo expert, and an off-duty federal agent. Several 
passengers make cell phone and in-flight telephone calls to family members. 
Passengers are advised by family members of the crashes at the WTC and the 
Pentagon and elect to take action against the hijackers. 

9. 9:57 am. The revolt by the passengers begins, and at 10:03 am United 
Airlines Flight 93 crashes, inverted and at high speed, into a field near 
Shanksville, PA. All aboard are killed, but there are no ground casualties. 

It is speculated that the target of Flight 93 was either the White House or the 
US Capitol. There is some speculation that NEADS may have shot down 
Flight 93. However, the closest military aircraft, an F-16, was nearly 

100 miles away when Flight 93 crashed. At the time of the crash, NEADS 
was not aware that Flight 93 had been hijacked. 


The hijackers selected transcontinental flights, which assured full or nearly 
full fuel loads. Rick Rescorla was the head of security at the Morgan Stanley 
Bank in the WTC. Before 9/11, he had researched scenarios that involved loading 
an airplane with explosives and crashing it into the WTC. According to Rescorla, 
aircraft such as the Boeing 767 have enough fuel on board (23,000 gallons at 
capacity) to create a large enough explosive force that additional explosives were 
not necessary to be able to bring down the buildings. Rescorla was killed in the 
attacks; however, many of Morgan Stanley’s employees were saved by his emer- 
gency evacuation exercises and plans. 

All of the flights carried light passenger loads, making it easier to control the 
relatively smaller number of people. Additionally, the hijackers had previously 
flown on the flights they would eventually hijack and took flights in general avia- 
tion aircraft around New York to familiarize themselves with the airspace and 
their targets. The hijackers piloting the aircraft were trained at flight schools in 
the United States. 

Evidence indicates that the hijackers advised passengers that they were to remain 
calm and that the airplanes were returning to the airport to have their demands met, 
thus creating the belief by passengers that a “traditional hijacking” was taking place. 





17 ACARS stands for Aircraft Communication Addressing and Reporting System. It is a digital data 
link system for transmitting text messages between aircraft and ground stations. 
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This mindset may have contributed to the lack of action by crewmembers and pas- 
sengers on the first three flights. The passengers on Flight 93 had the benefit of 
knowing that the intentions of the hijackers were not just to land the plane and start 
issuing demands, but more likely to turn Flight 93 into a guided missile. 

Other evidence indicates the hijackers were cleared through screening check- 
points with knives permitted by security or that were concealed. Before 9/11, the 
United States allowed knives less than 4 inches in length into the passenger cabin. 
On Flight 93, some passengers indicated that one of the hijackers carried a gun. It 
is not known if this gun was real or a toy plastic gun. The hijackers may have 
also displayed a fake bomb, using clay and other materials that would normally 
be allowed on a commercial flight. 

The US government shut down the national aviation system for several days 
after the attacks. The only aircraft flying in US airspace were military, certain 
essential government aircraft, aircraft fighting wildfires in California at the time, 
and some medical and humanitarian flights. When the airports did reopen and the 
planes took to the skies once again, Army National Guard troops were stationed 
in airport terminals, metal detectors were turned to their highest sensitivities, and 
security queuing lines were backed up for hours as screeners methodically 
checked each traveler. The United States, Canada, and the ICAO all focused on 
similar and appropriate responses to the 9/11 attacks. 

Within months of 9/11, the US Congress passed the Aviation and 
Transportation Security Act of 2001. Canada revised its security programs, and 
the ICAO revised its aviation security guidance manual. The United States also 
passed several subsequent legislative measures including the Air Transportation 
Safety and Stabilization Act, which provided money to US air carriers for finan- 
cial losses suffered during the attacks. 

The terrorist attacks of 9/11 forever changed the way the world’s public and, 
especially, flight crews will perceive and react to future hijackings. There have been 
at least 35 hijackings (through 2012) since 9/11, and in nearly all cases the hijackers 
were stopped by onboard security personnel, passengers, crewmembers, or law 
enforcement when the aircraft landed. Although many pre-9/11 hijackings also ended 
similarly, and with the safe release of most of the hostages, the pre-9/11 strategy of 
complying with hijacker requests has now changed to active resistance. This new 
approach to stopping attacks against aviation was demonstrated shortly after 9/11. 


POST-9/11 ATTACKS 
RICHARD REID (THE SHOE BOMBER) 


On December 22, 2001, just 3 months after the terrorist attacks on 9/11, Richard 
Reid (Fig. 2.6) attempted to detonate an explosive concealed in his shoe while on 
board American Airlines Flight 63, en route from Paris to Miami, FL. He was 
caught when a flight attendant observed him attempting to light a match on the 
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FIGURE 2.6 
Richard Reid. 





tongue of his shoe. She intervened and was pushed aside by the much larger 
6-foot-4-inch Reid. Another flight attendant yelled for help and was assisted by 
several passengers who responded and managed to wrestle Reid to the floor. Two 
doctors on the flight used sedatives to subdue him as the aircraft diverted to 
Boston Logan International Airport. 

A day earlier, Reid had attempted to board the same flight but was turned 
away by a suspicious gate agent. He was referred to security representatives for 
additional questioning. The security personnel were privately employed by the 
airport and not allowed to conduct a search. When they also became suspicious 
of Reid, he was turned over to local police officials. He was again questioned 
but not searched. Reid’s profile fit several suspicious passenger elements. He 
was on an international flight without any checked baggage; no available means 
of supporting himself such as traveler’s checks, cash, or credit cards; and very 
little carry-on baggage. Perhaps the most salient cause for suspicion was that 
he was a British citizen, traveling on a passport issued in Brussels, Belgium, 
and flying from France to the United States. Regardless of these indications for 
suspicion, authorities released Reid, who quickly booked passage on the next 
day’s flight. On December 22, Reid returned to Charles de Gaulle International 
Airport. He managed to pass undetected through an airport metal detector 
with plastic explosives concealed in his shoes and boarded American Airlines 
Flight 63. 

Authorities found the plastic explosive triacetone triperoxide and a detonator 
hidden in the lining of Reid’s shoes. This resulted in US passengers having to 
remove their shoes for separate screening at security checkpoints. Reid was 


ee 
87 


E] 
88 


CHAPTER 2 Crime and terrorism in aviation 


convicted on terrorism charges and sentenced to life in prison. The incident 
pointed to two important issues in aviation security: 


1. The use of passenger questioning for the purposes of assessing risk. 
2. The inability of conventional X-ray equipment and metal detectors to detect 
the types of explosives currently in use. 


The incident also points to the importance of training flight crewmembers in 
both security awareness and self-defense techniques, as well as the strategy of 
passenger intervention. 


MANPAD ATTACKS (KENYA AND IRAQ) 


The use of a surface-to-air missile against a civilian aircraft has occurred several 
times in the course of aviation’s history. Surface-to-air missiles are a legitimate 
threat to today’s commercial airliners. Since 1938, there have been approximately 
80 incidents related to shooting down a commercial airliner. There are commonal- 
ities among commercial aircraft shoot-downs: 


1. Most occurred during a time of war over a country experiencing armed 
conflict. 

2. The aircraft was shot at while it was still on the ground. 

3. The aircraft was shot down by a military aircraft. 


The first shooting after 9/11 of MANPADs on a commercial airliner that was 
not associated with a war occurred on November 28, 2002. Al-Qaeda operatives 
shot two SA-7 shoulder-launched surface-to-air missiles at an Israeli-flagged 
Arkia commercial airliner as it departed Mombasa, Kenya, with 271 passengers 
on board. Both missiles missed, and the Israeli government responded by equip- 
ping its El Al Airline fleet with antimissile flare-defense systems. '* 

The November 22, 2003, shooting of a surface-to-air missile into a DHL cargo 
aircraft as it departed Baghdad, Iraq, again focused US attention to the threat of 
MANPADs (Fig. 2.7). The Airbus A-300 cargo plane was hit with an SA-7 mis- 
sile (another missile was fired but missed), striking the trailing edge of the air- 
craft’s left wing. Although severely damaged, including the loss of much of the 
hydraulic flight control system, the flight crew was able to land the aircraft. 


Airport attacks 

On May 22, 2002, Patrick Gott, of Pensacola, FL, allegedly angry because people 
had ridiculed his turban, opened fire with a shotgun and invoked the name of Allah 
at the Southwest Airlines ticket counter inside the Louis B. Armstrong New Orleans 
International Airport. One individual was killed and another wounded in the inci- 
dent. Bystanders tackled the man, preventing him from continuing the attack. 





'8The attack was conducted simultaneously with a suicide car bombing attack against the Paradise 
Hotel in Mombasa that killed 14 people. 
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FIGURE 2.7 
DHL flight after being hit by a surface-to-air missile. 


On July 4, 2002, Hesham Mohamed Hadayet opened fire at the Los Angeles 
International Airport (LAX) international arrivals terminal building, killing two 
and wounding four others before El Al security agents killed him. Armed with a 
.45-caliber pistol, a 9-mm pistol, a knife, and extra ammunition for the firearms, 
Hadayet entered the international terminal and began shooting passengers waiting 
in line at the El Al ticket counter. Two armed El Al security agents responded, 
along with LAX police. Within moments, Hadayet stabbed one of the El Al 
agents, who then opened fire, killing the assailant. 

In 2007, two suicide bombers drove a sport utility vehicle, loaded with explo- 
sives, into the terminal building at the Glasgow Airport. One of the suicide bom- 
bers died in the attack, and five others received non-fatal injuries. Bollards placed 
in front of the terminal building doors prevented the vehicle from entering the 
building. In 2010, a suicide bomber detonated explosives within the terminal area 
at the Moscow Domodedovo International Airport, killing 35 and injuring over 
100. On November 1, 2013, an individual active shooter entered terminal 3 at Los 
Angeles International Airport and opened fire on TSA personnel. The shooter was 
wounded in a gun battle with airport police. TSA officer Gerardo Hernandez 
died, and three others were injured. "° 





This incident is addressed in more detail in Chapter 11, The Threat Matrix, in the section on 
active shooters. 
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In 2013, an avionics technician and employee at the airport attempted to deto- 
nate a car bomb in a suicide car bombing at the Wichita Mid-Continent Airport. 
He was stopped by FBI agents before he could carry out the attack. In 2016, two 
suicide bombers detonated explosives inside the public area of the Brussels 
Airport in Belgium. The explosions, which were carried out with another explo- 
sion in a nearby subway station, killed at least 11 and injured dozens more. These 
incidents highlight the importance of having properly armed and trained law 
enforcement personnel in the public-use areas of an airport. 


RUSSIAN AIRLINER BOMBINGS 


In August 2004, explosives carried onboard by terrorists brought down two 
Russian airliners. The bombers were two Chechen women who boarded separate 
flights at Russia’s Domodedovo International Airport with explosives concealed 
in their braziers. This incident is now referred to as the “Black Widows.” 

Volga-Avia Express Flight 1303, a Tupelov-134, crashed as the result of a 
bomb 26 minutes after departing the airport, killing all 43 passengers and crew. 
Minutes later, Siberia Airlines Flight 1047, a Tupelov-154, also crashed as the 
result of a bomb, killing 46 passengers and crew. During the check-in process at 
the airport, both women were referred to a police captain for further scrutiny but 
no devices were found. The police captain was sentenced to 7 years of incarcera- 
tion for negligence. A ticket agent was also charged with accepting a bribe to 
allow one of the bombers, who did not have proper identification, to board the 
plane. She also received a jail term. In the subsequent crash investigations, the 
explosive material RDX (also known as Hexogen) was found in the wreckage of 
both aircraft. Chechen militants had used RDX previously. 

The X-ray machines and metal detectors used in Russia are similar to those 
used in the United States for many years and cannot detect many of the current 
explosives in use by terrorist organizations today. After this incident, Russia 
required travelers to remove bulky clothing, shoes, and belts for X-rays, and sub- 
jected passengers to a profiling interview to identify higher-risk travelers requir- 
ing additional scrutiny. In 2015, while en route to St. Petersburg, Metrojet Flight 
9268 crashed off Egypt’s Sinai Peninsula, killing all 224 people on board. ISIS 
took credit for the downing and published a photo of an improvised explosive 
device that incorporated a pop can. 


LONDON BOMB PLOT 


On August 9, 2006, authorities in Great Britain arrested 21 individuals suspected 
of plotting to detonate liquid explosives onboard several commercial aircraft 
departing from the United Kingdom and bound for the United States. The number 
of operatives involved in the plot is significant, as is the fact that many of them 
were UK citizens. As a result of the threat, air traffic at airports throughout the 
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United Kingdom came to a temporary standstill. This bomb plot was similar to 
the strategies used in the Manila Air Plot attempted by Ramzi Yousef in 1995. 

The US government’s response to this incident provides three important con- 
siderations for aviation security policy makers and practitioners. The first is the 
concept of thinking then acting (vs acting then thinking). The second is the con- 
cept of preventative maintenance. The third is the concept of the systematic 
approach to aviation security. 

The first reaction of the DHS to the London bomb plot was to increase secu- 
rity threat levels to red for aircraft traveling from the United States to the United 
Kingdom, and to orange for all other domestic flight operations. Despite the fact 
that the DHS stated there is not a known threat to US aviation from potential 
bombers, the next reaction was to prohibit the carriage of all forms of liquids or 
gels from the cabin. The rationale was to prevent potential bombers from carrying 
explosive components onto an aircraft, then assembling the devices in aircraft lav- 
atories. However, this strategy was designed to only protect the aircraft, leaving 
airports wide open to another form of devastating terrorist attack, as the no- 
liquids policy immediately caused thousands of passengers to once again congre- 
gate in airport ticket and screening queues. The potential impact of a suicide 
bomber, particularly a VBIED-style attack, would be devastating in these areas of 
large passenger populations. 

The no-liquids policy is an example of acting, then thinking. The failure of 
government to do the preventative maintenance necessary in aviation security sys- 
tems has trained security agencies to react to, and then think and roll back if later 
deemed appropriate, certain security measures. Preventative maintenance in this 
case means continually upgrading aviation security programs to match the new 
threats as they develop. For example, metal detectors and X-ray machines have 
been a part of aviation security since the 1970s. However, the threats prevented 
by these technologies have changed over time. After Pan Am Flight 103, officials 
stated that the X-ray machines in use could not detect Semtex, the plastic explo- 
sive used in the bombing. However, the machines were not replaced with ones 
that could detect explosives until 13 years later. In 1995, Ramzi Yousef smuggled 
nitroglycerine through security checkpoints, and the 9/11 Commission noted that, 
again, the X-ray systems at the time could not detect these chemicals. The United 
States responded in 1996 with the limited use of explosive trace detection equip- 
ment. Even with this equipment, the majority of passengers continued to go 
through the metal detectors and their luggage through X-ray machines that still 
could not detect the explosives terrorists were using in attacks throughout the 
world. 

One controversial strategy to determining what items or materials should be 
restricted is not to take away items from travelers that could potentially be made 
into explosives. Laptop computers and cell phones could be used as timing and 
power devices, but they are also necessary tools for today’s business traveler. 
DVD players, MP3 players, and portable video games help keep passengers enter- 
tained on long flights, but they too could be used as a timing or power device for 
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an explosive. The solution to this security risk is to improve the screening 
process to be able to handle the profile of today’s business and recreational flier, 
not take away every object that could possibly be used to trigger a bomb or as a 
weapon. 

The London bomb plot presented a slightly new threat to airport security, 
liquid-based explosives. Therefore, new security measures that do not inhibit the 
safe flow of passengers must be developed. Passenger and carry-on checkpoint 
screening practices must be upgraded with effective procedures and better 
equipment. The establishment of profiling methods should reduce the number of 
people receiving additional scrutiny. X-ray machines need to be upgraded to 
stand-alone Computed Tomography explosive detection systems, and metal detec- 
tors must be upgraded to explosive trace detectors or full-body scanners. A con- 
tinuing investment to improve security systems to be able to defeat existing and 
developing threats is a better long-term strategy, which will help avoid temporary 
solutions, such as carry-on baggage restrictions, that disrupt the transportation 
system. 

The third lesson in response to the London bomb plot is for government regu- 
lators to understand that aviation security is part of a larger and more complex 
security system. It is imperative that those responsible for ensuring aviation secu- 
rity recognize that security is made up of a “system of systems.” Airport security 
is linked to a series of interconnected security systems. When one aspect is chan- 
ged, one or more related outcomes will occur that will affect other components of 
the system. 

Another challenge present in the liquid-bomb plot is that authorities suspected 
that the plot was moving forward several days, and possibly even weeks, prior to 
putting a stop to it. This is a controversial but necessary course of action. To stop 
every potential terrorist attack when it is first detected may only capture low- 
level operatives, while allowing high-level operatives to escape, learn from their 
mistakes, and make another, possibly successful attempt. Identifying and tracking 
attackers and planners as the plot progresses allows law enforcement to identify 
higher-level operatives, such as cell leaders and potentially bomb makers, result- 
ing in the arrest and possible termination of the cell entirely. 

Unfortunately, this strategy does not always work as the Bureau of Alcohol, 
Tobacco, Firearms, and Explosives found out during Operation Fast and Furious, 
when the agency lost track of numerous firearms agents they were tracking in an 
attempt to capture higher-level weapons traffickers. Possibly hundreds of the 
weapons were lost and later linked to crimes, including the shooting death of a 
US Border Patrol agent, Brian Terry, in 2010. Had authorities lost track of the 
liquid-bomb plotters, several aircraft and thousands of US citizens could have 
died in the subsequent attacks. 

In their usually adaptive methods, there is evidence that at least one of the ter- 
rorists involved in the liquid-bomb plot was planning on taking his wife and chil- 
dren on the aircraft with him, to reduce suspicion by not being a single passenger. 
This represents a high level of dedication on the part of the operative, who was 
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not only willing to sacrifice his own life as an airline suicide bomber, but to also 
sacrifice the lives of his family. 

Passengers affect security systems when forced to check more bags because of 
security concerns. Baggage management and checked-baggage security systems 
are designed to handle a certain number of bags per year. Dumping millions more 
bags into those systems results in flight delays as aircraft loaders wait for the 
bags to be processed. Furthermore, more lost bags, increased financial loss to the 
airlines, and more people standing in airport arrival halls result from increased 
restrictions to carry-on baggage. The government must understand that sudden or 
highly restrictive policies related to carry-on baggage could threaten the economic 
viability of airlines and the national economy. Additionally, with laptop compu- 
ters and other expensive electronic equipment being placed in checked baggage, 
more of it gets stolen. Laptop theft is particularly damaging as the information on 
the laptop can often be exploited for a variety of purposes, such as identity theft 
and corporate espionage. 

The frequent business traveler generates much of an airline’s revenue. The 
standard profile of a business traveler is to take only carry-on bags. Waiting for 
checked baggage to arrive can add hours of time to an airline trip. Hours spent 
waiting for bags to arrive have a direct financial impact on the ability of a busi- 
nessperson to make money. Business travelers select public or private charter air- 
craft when the time to check-in or depart an airport becomes excessive. This 
change in transportation vendors has a significant economic impact on airlines. 

As another alternative strategy to traveling with long delays at airports, busi- 
ness travelers may select not to travel but rather conduct business through another 
mode of communication. In this case, the entire travel industry, including airlines, 
hotels, and rental car agencies, will lose money when business travelers decide to 
Web conference or teleconference rather than fly. Security processes must con- 
tinue to enable the advantages of air travel while providing a reasonable level of 
security and an acceptable level of risk. 


NORTHWEST FLIGHT 253 (AKA, UNDERWEAR BOMBER) 


On December 25, 2009, a Nigerian national, Umar Farouk Abdulmutallab, 
attempted to detonate plastic explosives hidden in his underwear while on board 
Northwest Airlines Flight 253, en route from Amsterdam to Detroit, MI. The 
bomb failed to detonate, catching fire instead and burning the bomber, and 
passengers stopped Abdulmutallab from continued attempts. After the attack, the 
TSA took an initially silly approach to stopping future attacks by requiring pas- 
sengers to keep everything off of their laps during the final hour of flight. This 
process made no sense, because what is the difference in detonating a device 
during the last hour of flight, versus at any other time during the flight? This 
“rule” was quickly dismissed and the United States then stepped up its use of the 
pat-down screening technique at the security checkpoints and accelerated the 
deployment of the body imaging technology. 
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GENERAL AVIATION AIRCRAFT—IRS BUILDING 


In February 2010, a Texas man, upset with the Internal Revenue Service (IRS), 
took his own small aircraft and crashed it into the IRS building in Austin, TX, 
killing himself and an IRS service manager. While not terrorist related the inci- 
dent did bring brief attention to the lack of security at general aviation airports. 
The attack was a suicide-by-airplane-style attack that most security measures 
would not have normally prevented, as the individual owned the aircraft and had 
lawful access to both it and the airport where it was based. 


YEMEN AIR CARGO PLOT 


Two desktop printers, with plastic explosives concealed in their printer cartridges, 
were loaded onto cargo flights out of Yemen on October 29, 2010. Al-Qaeda in 
the Arabian Peninsula took responsibility for the plot, which was intended to take 
down commercial aircraft carrying the printers as cargo. Saudi Arabia intelligence 
agencies discovered the plot, notified US authorities, and the bombs were soon 
found during routine stopovers at East Midlands Airport in the United Kingdom, 
and Dubai, on separate cargo planes bound from Yemen to the United States. 
Although Congress mandated that cargo shipped on commercial airliners be 
screened by August 2010, that requirement did not yet extend to international 
flights. In 2012, Congress mandated that by the end of the year, all cargo on US 
flights and inbound from international destinations is required to be screened by 
the aircraft operator. 


MOSCOW DOMODEDOVO AIRPORT TERMINAL BOMBING 


In January 2011, 35 people were killed and more than 100 injured in a suicide 
bomb attack at Moscow Domodedovo Airport, in the international arrivals termi- 
nal. Domodedovo was also the launch point for the female Chechen suicide bom- 
bers who took down two Russian airliners in 2004. After the 2004 attack, Russia 
installed body imaging devices into their security checkpoints, but the bomb deto- 
nated in the public area of the terminal, prior to the checkpoints. Numerous other 
suicide bomb attacks had previously taken place throughout Moscow prior to the 
airport bombing. 


UNDERWEAR BOMBER II 


In May 2012, another underwear bomb attack was thwarted by US intelligence 
agencies and the plot never posed a serious threat to aviation security. The bomb 
was allegedly made by Yemen-based Ibrahim Hassan al-Asiri, the same bomb- 
maker who made Abdulmutallab’s device and the Yemen air cargo bombs, but 
was apparently an upgraded version from the first underwear bomb in that it did 
not contain metal and would not likely have triggered an airport metal detector. 


Conclusions 


However, an Advanced Imaging Technology machine may have identified that 
the bomb had an individual attempted to bring it through a US screening check- 
point, but those remain in limited use internationally. 


GERMANWINGS PILOT SUICIDE 


A first officer on Germanwings Flight 9525, an Airbus A320 with 150 people on 
board, locked the airplane’s captain out of the cockpit when the captain went to 
the lavatory. The first officer then descended the aircraft, crashing into the French 
Alps, killing everyone on board. There have only been a few such attacks where 
the pilot commits both suicide and homicide by crashing their own aircraft into 
the ground. Family members of victims announced a lawsuit against a US flight 
school in Arizona for failing to identify the copilot’s history of depression and 
instability (Associated Press, 2016). Some began calling for change to cockpit 
security procedures to prevent future occurrences, such as technology that allows 
the aircraft to be taken over from the ground. However, US policies require that a 
flight attendant or other qualified crew member takes the place of the pilot who 
has to step out of the cockpit for any reason, during flight. 


THE MALAYSIA FLIGHTS 


On March 8, 2014, Malaysia Flight 370 disappeared while en route from Kuala 
Lumpur to Beijing, somewhere (it is believed) over the Indian Ocean. A few 
pieces of the aircraft have been found, washing up on shore in Australia, but the 
search continues for more evidence of what happened to the flight. Some have 
speculated that the aircraft may have been hijacked or sabotaged, but not enough 
evidence exists to come to any conclusions about why the airplane crashed. All 
239 people, along with the majority of the aircraft itself, remain missing. 

On July 17, 2014, Malaysia Airlines Flight MH17, was hit by a surface-to-air 
missile en route from Amsterdam to Kuala Lumpur. The aircraft was flying over 
a region in conflict in the Ukraine. All 283 passengers, including 80 children and 
15 crew members, were killed. While this incident is not an aviation security inci- 
dent in the pure sense of the term, since the airline essentially flew over a war 
zone and it was apparently not the intent of those firing the weapon to take down 
a civilian airliner, it did serve as a lesson to the industry about safe routes for 
aircraft to fly. 


CONCLUSIONS 


The TSA’s blog site continues to publish, on a weekly basis, the amounts of 
weapons and prohibited items confiscated at security screening checkpoints. 
Whether it is the well-coordinated attacks of 9/11 and Pan Am Flight 103, attacks 
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by disgruntled employees, or the unrealistic visions of a 16-year-old boy, aviation 
security practitioners must continue to focus on strategies that prevent and miti- 
gate any attack or threat while continuing to move people through the aviation 
system. 

Policy makers and practitioners of aviation security face the challenge of 
deciding where the most dangerous threat lies and taking measures to prevent 
those threats from becoming real attacks. Funding for security measures must be 
guided by risk analysis, historical data, and a careful and continuing assessment 
of the developing threats throughout the world. While the United States has 
made significant strides in dismantling terrorist networks and eliminating key 
operatives—through the liberal use of drone attacks, American military forces, 
and particularly US Special Forces Command personnel—new threats continue to 
surface. Terrorist cells operate like the drug smugglers of the 1980s and 1990s, as 
loosely organized groups sharing a common goal, relying on subversion and 
quickly replacing members when necessary. 

Taking costly and rigorous security measures when there has only been a mini- 
mum of casualties may not receive the necessary public support. However, waiting 
too long until hundreds or thousands have died will result in accusations of being 
reactionary and negligent by failing to take the necessary precautions ahead of 
time. In fact, this pattern is clear when looking at the history of aviation security, 
which has tended to take action only following a significant loss of life. Canada, 
England, the United States, and Russia have all had their 9/11 s—their watershed 
events that finally caused a change in the way security practices are managed. 

Current events and the dissemination of various types of information continue 
to foreshadow potential future attacks on aviation. Security policy makers and 
practitioners have not always demonstrated the implementation of strong policies 
or procedures for detecting or acting on these warnings. As a global society, we 
tend to pay little attention to the unsuccessful attempts, even when those failures 
were caused by chance or poor planning by the attackers. As an example, the his- 
tory of commercial aviation foreshadowed the events of 9/11 in that numerous 
incidents of hijackers attempting to take over control of an aircraft for use as a 
WMD had occurred. However, until the attacks of 9/11, using a commercial air- 
craft as a WMD had not been successful. 

Other information, even in the form of entertainment, can also help to predict 
potential attacks by terrorists or criminals. Before 9/11, author Tom Clancy wrote 
in Debt of Honor, about a commercial airline pilot flying his plane into the US 
Capitol as a suicide attack (Clancy, 1995). In 2011, Clancy and coauthor Peter 
Telep, in their book Against All Enemies, presented a plot to attack several US 
commercial aircraft using surface-to-air missiles smuggled through the porous 
US—Mexico border. Author Nelson DeMille has also presented plausible attacks 
on aviation in The Lion’s Game, which came out | year before 9/11, an excellent 
thriller that depicts a chemical weapons attack against passengers on a jet coming 
into JFK, and again in his 2004 book, Nightfall, which presents a possible alter- 
nate scenario to the downing of TWA Flight 800 by surface-to-air missile. 


Conclusions 


As individuals interested in aviation and airport security, the preceding exam- 
ples should force us to ask: What attacks are foreshadowed that should be identi- 
fied and mitigated today? In recent years, the world experienced its firsts MANPAD 
threat against a civilian airliner, and airports have again come under attack by 
lightly armed gunmen. Perhaps Tom Clancy indirectly foreshadowed these attacks 
on aviation when in The Teeth of the Tiger (Clancy, 2003) he described a story in 
which armed gunmen attack various US shopping malls with weapons and explo- 
sives. Similar real-life attacks, including the armed assault of a school in Beslan, 
North Ossetia, in 2004, the active shooter attacks in Mumbai, India, in 2009, and 
the active shooter attacks in Paris in 2015, have already occurred. It does not take 
immense effort to realize the extensive damage and loss of life that would occur if 
such an attack were to take place during the busy holiday season in an airport ter- 
minal full of travelers. The commercial success of these works of fiction, and the 
successes of actual attacks on other public areas, represents real attack possibilities 
and that the public and terrorists are still fascinated with threats to aviation. 
Consider the tactics employed in Iraq, Afghanistan, and Israel by suicide bombers 
using vehicles containing explosive devices as WMDs. The unsuccessful plan to 
detonate a large-scale vehicle containing explosives next to an airport terminal 
building by Ahmed Ressam, the Millennium Bomber, was a significant event that 
may foreshadow future attempts by terrorists to cause destruction and death. Based 
on the history of aviation security incidents, could these unsuccessful attacks be 
simple precursors to much more devastating attacks to come? 





WHY AVIATION SECURITY HISTORY IS RELEVANT 


Joshua Ball, MPA 
Airport Security Coordinator 


Throughout the history of flight, threats to aviation have always existed. As threats vary over 
time, security generally is reactive, changing after an attack. It was almost 40 years after the 
first attack on aviation before regulations were in place in the United States. The regulations 
came about in the early 1970s and remained vastly unchanged for another 30 years before the 
system reform. The reform was a direct result of the terrorist attacks of September 11, 2001. 

Traditionally, security offered some protection against risks and deterred future acts from 
occurring. Over time policies have changed the focus from one threat to another. I should note 
that it is important to remember that the same risks from 1931 are present today. 

Since its birth, aviation security has been primarily a reactive force. As threats or attacks 
become known, security changes to help deter or prevent the same style attack in the future. This 
style can often feel like a dog chasing its own tail. 

Threats to aviation have generated four different generations of aviation security. Each 
generation faces new levels of threats, which will continue into the future. The current state of 
aviation security is a result of several factors. The terrorist attacks of September 11, continued 
attempts, and the growing threats from extremists all play a role. 

Since September 11, many micro changes have allowed the industry to keep pace. Large 
paradigm shifts have occurred, especially during the transition. Before September 11, aviation 
security was the main responsibility of the aircraft operator. The FAA regulated security, but was 
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not involved in screening. Now aviation security is a collaborative effort between aircraft 
operators, airports, and the federal government that form multiple layers of security. 

The review into the attacks on September 11 came from the bi-partisan 9/71 Commission. The 
purpose of the Commission was to review a full account of the circumstances that led to the 
attacks on September 11, 2001. By studying historical data and events, the Commission was able 
to make several recommendations. Some recommendations are now policy while others were not 
implemented. 

Time and time again, attacks carried out overseas are later carried out in the United States. By 
studying foreign attacks, the aviation security community can better protect against future risks. 
Similarly, historical events have relevance as well. 

During the 1960s and 1970s, many hijackings and hostage situations occurred. As a result, 
regulators implemented policies that led to drastic reductions in the United States. 9/11 taught us 
it was time for reform again and led to a drastic policy overhaul. In recent years we have focused 
on advanced imaging, liquids, and insider threats. Each of these were direct responses to threats 
that existed. 

The aviation industry faced hijackings, insider smuggling, and an international terminal 
bombing recently. None of the events were the first occurrence. Sadly, it will most likely not be 
the last time either. 

Future success is dependent on the aviation community, increasing their vigilance. Security 
awareness training must extend to everyone working in aviation. A campaign like “See 
Something, Say Something” is a great example of an awareness program. The goal is to train 
everyone to recognize something out of the ordinary and report it to authorities. 

I would venture to say that more changes have occurred in the last 15 years than in the rest of 
aviation history combined. An integrated system that is agile and can evolve with changing 
threats is essential. Sharing of intelligence and information needs to increase with local partners to 
succeed. 

Historically speaking, aviation security has evolved over time to combat future threats. 
Professional security stakeholders have consistently raised the bar when threats have dictated. The 
fact of the matter is security must be correct 100% of the time while an attack only has to do it 
once to be a success. 

Moving forward, the world aviation community must identify methods to proactively identify 
risks that are capable of responding to threats. There are many possible solutions the aviation 
community could put in place. Are the solutions in new ideas like Security Management Systems? 
Only time will tell. 

Regardless of the solution, the culture of the entire community must focus on safety and 
security as a service to their customers. In a post-9/11 world, people have high expectations of 
security. It is our duty as aviation security practitioners to fulfill that obligation. Understanding 
the history of where we came from is crucial to our future. 

No matter the era, style, or location of an attack on aviation, the aviation community must 
follow the events and consider what safeguards are in place at their airport, airline, or regulatory 
agency to prevent the same event from happening again. As philosopher George Santayana once 
said “Those who cannot remember the past are condemned to repeat it.” 
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Policies and procedures 


The development of aviation 
security practices 


OBJECTIVES 


This chapter provides an overview of the development of aviation security 
policies in the United States and other nations. The roles of the United Nations 
and the International Civil Aviation Organization (ICAO) in affecting aviation 
security policy and legislation are introduced. The ICAO’s Annex 17 and other 
related programs are illustrated in relation to airport and aircraft operator security. 
The chapter also highlights key changes in aviation security created by legislation 
passed after the Aviation and Transportation Security Act of 2001. 


INTRODUCTION 


The bombing of the Brussels airport in 2016 raised many questions about the 
level of aviation security in Europe and other nations, compared to International 
Civil Aviation Organization (ICAO) Annex 17, and to the US Security policies 
in the United States and abroad have largely been created through public reac- 
tion to specific security incidents, and the same can be said of international avi- 
ation security practices. While in the United States, the government deployed 
US marshals to act as air marshals in the early 1960s in response to hijackings, 
some international air carriers employed their own armed security officers. The 
United States began to pass legislation as the number of hijackings and bomb- 
ings grew, and the ICAO also began to address the issue. By the late 1960s and 
early 1970s, the frequency of hijackings exceeded the ability of the air marshals 
or security officers to handle them, and the deployment of such personnel 
resulted in great expense to the government or the air carriers. As a result, pas- 
senger and carry-on baggage screening using technology designed to counter 
hijackings and bombings were adopted. Hijackers were known to use guns and 
hand grenades in their attacks, so metal detectors and X-ray machines were used 
to screen for such items. 

During the 1960s and 1970s, dynamite, which can be identified by an X-ray oper- 
ator, was often the preferred explosive for an aircraft bomb. Plastic explosives were 
not commonly used at that time, thus security policy makers did not focus on the 
detection of plastics. However, even as plastics became the explosive of choice in 
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the 1980s and 1990s, airlines did not adjust and continued to use conventional X-ray 
machines and metal detectors, neither of which reliably detect plastic explosives. 
Today, a peroxide-based explosive known as triacetone triperoxide has become the 
explosive element of choice for many bombers, both airline and otherwise. 

In the 1980s, new security strategies were developed, mostly in Canada and 
the United Kingdom, in response to the bombings of Air India Flight 182 and Pan 
Am Flight 103. Two notable hijackings in the 1980s, TWA Flight 847 and PSA 
Flight 1771, spurred the United States to develop additional policies and 
procedures, specifically in the areas of airport access control and credentialing 
(ie, badging and background checks). These policies were eventually followed 
internationally, but often not at the same level as in the United States. 

The 1990s brought more security legislation, and more policies and procedures, 
as legislators responded to the bombing of the World Trade Center in 1993 and to the 
1995 Murrah Federal Building bombing in Oklahoma City and Operation Bojinka. ' 
While the Murrah building was not an aviation target, the incident highlighted the 
vulnerability of an airport to vehicle-borne improvised explosive devices, which in 
turn, drove airports to increase security measures for a period of time. Ramzi Yousef 
was also caught in a plot (Bojinka) to blow up 12 US commercial airliners on interna- 
tional routes in 1994, but neither the United States nor the ICAO made significant 
policy changes as a result, even though the explosives Yousef planned on using 
were liquid-based and undetectable by the screening technologies in use at airports. 
The 9/11 terrorist attacks were a watershed event for global aviation security, result- 
ing in the largest aviation security system overhaul ever in response. 

Unfortunately, the industry as a whole did not keep up with the evolving terror- 
ist threat until after 9/11, and debate continues over whether the United States 
should, or could, have done more to prevent the 9/11 hijackings. Policy makers 
face a dilemma in determining the development of national security policy: If there 
has not been a major incident to incite massive change (and massive government 
spending), then the populace criticizes the government for wasting money. If, how- 
ever, a significant incident occurs, the populace criticizes the government for not 
acting soon enough. Without the events of 9/11 and regardless of the intelligence 
available beforehand, it is likely that there would have been little public support for 
the massive changes and spending the US government subsequently implemented. 


INTERNATIONAL CIVIL AVIATION ORGANIZATION 


When security practitioners need guidance and help, they often look to the ICAO 
and the Standards and Recommended Practices (SARPs). The ICAO was estab- 
lished on December 7, 1944, at the Convention on International Civil Aviation in 





‘Operation Bojinka was a plot to destroy 12 US airliners over the Pacific Ocean using bombs 
placed under passenger seats. See Chapter 1, Overview of the Aviation Industry and Security in the 
Post-9/11 World, for more details. 


International Civil Aviation Organization 


Chicago and was formalized as a specialized agency of the United Nations in 
1947. The ICAO’s purpose is to “secure international cooperation and highest 
possible degree of uniformity in regulations and standards, procedures, and orga- 
nization regarding civil aviation matters” (ICAO, 2006). The ICAO publishes 
SARPs on several aviation practices, including pilot licensing, rules of the air, 
meteorology services for air navigation, aeronautical charts, airplane and airport 
operations, air traffic control (ATC), and numerous other areas. 

The ICAO is a specialized agency of the United Nations charged with the 
administration of the principles laid out at the convention, which include ensuring 
the safe and orderly growth of international civil aviation throughout the world. 
The assembly meets at least once every 3 years. Each contracting state is entitled 
to one vote, and decisions of the assembly are decided by a majority. There are 
now 188 member states, known as Contracting States? 

ICAO Annexes are similar to US aviation security regulations, but incorporate 
both standards (ie, regulations) and recommended practices, which are similar to 
Federal Aviation Administration (FAA) Advisory Circulars. In this sense, the 
ICAO includes both what is required and what should be required, in the same 
document. Additional guidance can be found in numerous ICAO Documents, 
such as Document 8973 Security Manual for Safeguarding Civil Aviation Against 
Acts of Unlawful Interference (now known as the Aviation Security Manual), 
along with other ICAO publications. 


ICAO ANNEX 17: SECURITY 


In 1974, the ICAO created Annex 17 to the Chicago Convention: Safeguarding 
International Civil Aviation Against Acts of Unlawful Interference. The Annex 
describes the SARPs for aviation security throughout the world. Annex 17 set the 
first definitions in the industry for terms such as screening, regulated agent, and 
security-restricted area and established guidance on key security issues including 
the following: 


Measures and procedures to prevent unauthorized access to the airfield. 
Development of training programs. 

Isolation of security-processed passengers. 

Inspection of aircraft for concealed weapons or other dangerous devices. 
Prisoner transport. 

Law enforcement officer checked-baggage transport. 

Cargo and mail screening. 

Incorporation of security considerations into airport design. 
Background checks for aviation employees. 

Passenger/baggage reconciliation. 

Security measures for catering supplies and operators. 


POO SN OARWN > 


—_ 





?In international references, a country is known as a State. 
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And, after 2001: 


. Access control standards. 

. New standards for passenger, carry-on, and checked-baggage screening. 
. In-flight security personnel. 

. Protection of the cockpit. 


AON- 


An interesting contrast can be made in comparing ICAO standards and interna- 
tional security practices and aviation security practices in the United States. The 
following demonstrates that contrast: On August 25, 2006, dynamite was found in 
the checked-baggage hold of a Continental Airlines flight as it arrived into the 
Houston/Bush Intercontinental Airport from Buenos Aires, Argentina. After this 
discovery, newspaper services referenced a US Department of Homeland Security 
(DHS) study that found that many countries, while exceeding ICAO standards for 
checked-baggage screening, still do not meet the US standards. Although the accu- 
racy of the findings is not in question, it should be noted that the United States did 
not screen checked baggage on domestic flights at all’ before 9/11. When the 
United States started screening checked baggage following the Aviation and 
Transportation Security Act of 2001 (ATSA, 2001) legislation, the baseline for 
screening was established at a higher standard than called for by the ICAO. 


ICAO CONVENTIONS ADDRESSING AVIATION SECURITY: PRE-9/1 1/01 


The Chicago Convention in 1944 did not specifically address civil aviation security; 
however, the definition of an aircraft in distress was established during that time. 
This definition impacted how hijacked aircraft were handled for decades thereafter. 

It has long been a fundamental humanitarian principle to assist another con- 
tracting state when an entity of that state is in danger. This principle has 
required maritime vessels from other countries on the high seas to respond to 
another vessel in distress, no matter the reason for that distress or the country of 
origin, and to render all available assistance. The Chicago Convention claimed 
that this “law” should include aircraft from contracting states and therefore 
included “aircraft in distress” as part of the convention. Unfortunately, the com- 
mittee drafting the convention did not provide descriptors of what constituted 
“distress,” thus allowing countries to come up with their own definitions. The 
freedom of a contracting state to decide what constitutes distress has been criti- 
cized, particularly during the 1985 hijacking of TWA Flight 847, when flight 
controllers in Beirut and Algiers repeatedly denied permission for the hijacked 
flight to land. Since 1947, eight significant ICAO conventions have addressed 
aviation security. 





"International air carrier operations were required to use Positive Passenger Bag Match, but not a 
physical form of screening. 


International Civil Aviation Organization 


The Tokyo Convention (1963) 


The first such convention to address aviation security is the Convention on 
Offenses and Certain Other Acts Committed on Board Aircraft—otherwise known 
as the 1963 Tokyo Convention. The convention addressed unlawful acts committed 
onboard an aircraft that affect the safety of flight, including how countries should 
handle a hijacked aircraft. Specifically, the convention obligates contracting states 
to take appropriate measures to restore or maintain control of the aircraft to the 
pilot in command; however, these “appropriate measures” extend only to the limit 
of what the country can feasibly and legally do (Abeyratne, 1998, p. 151). 

The Tokyo convention also required contracting states that receive a hijacked 
aircraft to permit the aircraft and all passengers and crew to proceed to their desti- 
nation, and further specified that the country in which the aircraft is registered 
has jurisdiction over the hijacked aircraft. The issue of jurisdiction is a continuing 
problem to this day, as is another issue addressed by the Tokyo Convention— 
unruly passengers. The convention gave the captain the power to restrain 
passengers who may jeopardize the safety of the flight, as well as the power to 
disembark unruly or disruptive passengers at the next port of call (Corbett, 2015). 


The Hague Convention (1970) 


By 1970, hijackings worldwide were reaching epidemic proportions with 118 
incidents of unlawful seizure of an aircraft and 14 incidents of sabotage and 
armed attacks against civil aviation. According to Corbett (2015), Cuba was 
becoming an increasingly attractive location for hijackers to escape punishment, 
and the Tokyo Convention had failed to define hijacking as an act of terrorism. 
Thus, the Hague Convention that year made hijacking a distinct offense, calling 
for severe punishment of hijackers (Abeyratne, 1998, p. 157). The convention 
defined the unlawful seizure of an aircraft (hijacking) as committed by any 
person(s) who “unlawfully, by force, or threat thereof, or by any other form of 
intimidation, seizes, or exercises control of, that aircraft, or attempt to perform 
any such act; or is an accomplice of a person who performs or attempts to 
perform any such act” (Abeyratne, 1998, p. 157). 

The Hague convention further obligated states to return a seized aircraft to the 
country in which the aircraft is registered, including its passengers and cargo, 
without delay and addressed jurisdiction over hijacked aircraft. Jurisdiction 
belongs first to the contracting state in which the aircraft is registered. If that state 
refuses or is unable to respond, jurisdiction passes to the contracting state where 
the aircraft first lands. Issues related to prosecution were more difficult to address 
because many contracting states refuse to extradite to countries that have the 
death penalty. 

Although the Hague Convention required contracting states to make hijack- 
ings punishable by severe penalties and to either extradite or prosecute hijack- 
ers, some nations chose to ignore this requirement. The Hague Convention did 
not list the penalties that should be imposed for hijacking or specify policies 
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against extradition or a refusal to prosecute hijackers (or prosecute with severe 
penalties), which made some contracting states, such as Cuba, safe havens for 
hijackers and bombers. 


The Montreal Convention (1971) 


On February 21, 1970, two bombs exploded on commercial aircraft, one in the 
cargo hold of an Austrian Airlines flight and another in the cargo hold of a 
Swissair Convair CV-990. The Austrian flight was able to land safely, but the 
Swissair plane was destroyed, killing 47 passengers and crew members (Corbett, 
2015). These bombings, along with the Dawson’s Field hijackings (addressed in 
chapter: Crime and Terrorism in Aviation), along with other hijackings in 1970, 
resulted in the Convention for the Suppression of Unlawful Acts against the 
Safety of Civil Aviation, otherwise known as the Montreal Convention. The con- 
vention expanded the criminalization of attacks on civil aviation to cover any 
attack on an aircraft, regardless of whether it occurred in flight, and to attacks on 
air navigation facilities and airports. An aircraft is defined as being “in flight” 
from the moment all external doors are closed until such time when any door is 
opened for disembarkation. This definition remains in effect. The Montreal 
Convention also added to the list of perpetrators of an attack on an aircraft those 
who are not actually onboard the aircraft, such as saboteurs, bombers, and those 
who facilitate the attack. 

The Montreal Convention defined five types of aviation offenses: (1) commit- 
ting an act of violence against a person onboard an aircraft in flight that endangers 
the safety of the flight; (2) destroying an aircraft or causing damage to an aircraft, 
rendering it incapable of flight, or endangering its safety while in flight; (3) placing 
or causing to be placed a device or substance likely to destroy or damage an air- 
craft; (4) destroying or interfering with air navigation facilities; and (5) communi- 
cating false information that interferes with the safety of a flight, including bomb 
threats. The convention also required all contracting states to implement passenger 
and carry-on baggage screening, as well as a national security agency to be in place 
at all major airports. This provision requiring deployment of a national security 
force is the first international guidance to come forth regarding airport perimeter or 
terminal security at nonmilitary airports. In the United States, this requirement is 
normally addressed by local airport police agencies, but in recent years, the Federal 
Protective Service (FPS) has deployed armed personnel to certain US international 
airports, to act in a force projection and response capacity. 


Chicago (1974) 

As hijackings continued into the early 1970s, the ICAO held an Extraordinary 
Assembly to develop additional security standards. The ICAO Council published 
Annex 17 to the Chicago Convention, which focuses on aviation security and the 
safety of passengers, crew, ground personnel, and the general public in all matters 
relating to the safeguarding of civil aviation from acts of unlawful interference 
(Corbett, 2015). 


International Civil Aviation Organization 


Montreal (1988) 


When terrorists attacked passengers in the terminal areas of the Rome and Vienna 
airports in an active shooter style assault, killing 19 civilians, the ICAO created the 
Protocol for Suppression of Unlawful Acts of Violence at Airports Serving 
International Civil Aviation, which criminalized offences against individuals at air- 
ports and destruction or damage to airport facilities or an aircraft not in service. 


Montreal (1991) 


The bombings of Pan Am 103, Air India 182, and Korean Air 858 led to the 
Convention on the Marking of Plastic Explosives for the Purpose of Detection 
(eg, taggants), which obligated states that manufacture plastic explosives to 
include a marking agent and to prevent the transportation of unmarked explosives 
within their borders (Corbett, 2015). 


ICAO CONVENTIONS ADDRESSING AVIATION SECURITY: POST-9/1 1/01 


The 33rd session of the ICAO assembly met in September—October 2001 and 
adopted Resolution A33-1, Declaration on Misuse of Civil Aircraft as Weapons 
of Destruction and Other Terrorist Acts Involving Civil Aviation. This resolution 
directed the ICAO Council and the United Nations secretary general to consider 
the establishment of an audit program relating to airport security arrangements 
and civil aviation security programs (ICAO, n.d.-a). 


Universal Security Audit Program Continuous Monitoring Approach 


A central element of ICAO’s global aviation security strategy was the Aviation 
Security Plan of Action, which includes regular, mandatory, systematic, and harmo- 
nized audits to enable the evaluation of aviation security in all member states 
(ICAO, 2006). The plan addresses the need to identify and assess global responses 
to new threats and to take action to protect airports, aircraft, and ATC centers. The 
ICAO provides significant guidance on conducting aviation security audits. This 
guidance includes the execution of an ICAO audit program, in which the ICAO 
assists a contracting state, airport, or aircraft operator in developing programs to 
address deficiencies in aviation security capabilities. The program, called the 
ICAO Universal Security Audit Program Continuous Monitoring Approach 
(USAP-CMA), is part of a larger effort to establish a global aviation security sys- 
tem. A USAP audit is conducted in a way that states have the opportunity to moni- 
tor, comment, and respond to the audit. The results of USAP audits understandably 
remain confidential as sensitive security information (SSI) (Fig. 3.1). 

The USAP-CMA promotes global aviation security through continuous audit- 
ing and monitoring of the performance of Member States in aviation security pro- 
cedures, by: (1) comparing their performance to Annex 17, (2) identifying 
deficiencies, (3) making and prioritizing recommendations, (4) evaluating correc- 
tive actions, and (5) periodic reassessments. The USAP-CMA process recognizes 
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Audit Cycle 
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FIGURE 3.1 
USAP audit process. 


that “one size does not fit all” when it comes to aviation security practices, so a 
variety of audits and monitoring activities are incorporated, and tailored, to each 
situation (ICAO, n.d.-b). 

Document-based audits are used for states with highly developed aviation 
security and oversight systems, and primarily measure the states’ ability to pro- 
vide effective oversight. Oversight-focused audits are used for those states with 
oversight and quality control systems already in place, but not sufficiently devel- 
oped to effectively and sustainably address aviation security risks. Compliance- 
focused audits focus on states with no or limited quality control over aviation 
security (ICAO, n.d.-b). 

The USAP is based on nine principles (listed here verbatim): 


1. Sovereignty. Each State has complete and exclusive sovereignty over the airspace 
above its territory, and the state’s responsibility and authority for oversight of 
aviation security, including its decision-making powers with respect to 
implementing corrective actions related to identified deficiencies (ICAO, n.d.-b). 
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. Universality. All Member States will be subject to continuous audit and 
monitoring activities by ICAO, in accordance with the principles, 
methodology, processes, and procedures established for conducting such 
activities, and on the basis of the Memorandum of Understanding signed by 
ICAO and each Member State (ICAO, n.d.-b). 

. Transparency of methodology. The USAP-CMA activity procedures and 
processes will be made available to all Member States (ICAO, n.d.-b). 

. Timeliness. Results of USAP-CMA activities will be produced and submitted 
on a timely basis in accordance with a predetermined schedule for the 
preparation and submission of these results (ICAO, n.d.-b). 

. All-inclusiveness. The scope of the USAP-CMA includes Annex 17 Standards 
and security-related Standards of Annex 9. It is expected to expand the scope 
of the USAP-CMA at appropriate times to include other security-related 
provisions contained in other Annexes to the Chicago Convention, in order to 
ensure their effective implementation in Member States’ civil aviation systems 
(ICAO, n.d.-b). 

. Consistency and objectivity. USAP-CMA activities will be conducted in a 
consistent and objective manner. Standardization and uniformity in the 
scope, depth, and quality of USAP-CMA activities will be assured 
through training and certification of all auditors, the use of standardized 
Protocol Questions, and the provision of relevant guidance material 
(ICAO, n.d.-b). 


. Fairness. USAP-CMA activities will be conducted in a manner such that 


Member States are given the opportunity to monitor, comment on, and 
respond to the USAP-CMA processes within an established time frame 
(ICAO, n.d.-b). 

. Quality. The quality of USAP-CMA activities will be ensured by assigning 
trained and certified auditors to conduct USAP-CMA activities in accordance 
with widely recognized auditing concepts, as well as by implementing an 
internal quality control system within ASA that continually monitors and 
evaluates feedback received from USAP-CMA stakeholders to ensure their 
ongoing satisfaction (ICAO, n.d.-b). 

. Confidentiality. SSI collected as part of the USAP-CMA will be protected 
from unauthorized disclosure. Accordingly, USAP-CMA audit reports will 
be confidential and will only be made available to the audited State and 
ICAO staff on a need-to-know basis. However, in the interests of 
promoting global aviation security, a limited level of disclosure will apply 
whereby charts depicting the level of implementation of the Critical 
Elements of an aviation security oversight system by a Member State and 
an indication of compliance by a Member State with Annex 17 Standards, 
as well as information pertaining to the existence of unresolved 
Significant Security Concerns in a Member State, will be made available 
to all Member States on the USAP secure web site (ICAO, n.d.-b). 
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To assist states in implementing the standards contained in Annex 17, the 
ICAO also developed a training program for aviation security. The program 
includes instruction on the following: 


1. The protection of aircraft, including preflight precautions, aircraft searches, 
and control of access to aircraft. 
2. Access control, including physical security measures, background checks, 
personnel identification system design, and vehicle permits. 
3. Quality control, including security inspections and audits, security tests, and 
training of security staff. 
4. Airport design as it relates to security, including minimizing the effects of an 
explosion on people and facilities. 
. Managing responses to unlawful acts. 
. Security equipment (eg, walk-through metal detectors (WTMDs), X-ray 
machines) and explosives. 
. Search and evacuation guidelines. 
. Surface-to-air missiles. 
. Incident command and emergency operations. 
- Model airport and aircraft operator security programs. 
. Dangerous goods. 
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The ICAO also recommends the following: 


1. The commercial explosives material should be tagged with chemical taggants, 
which make it easier to detect with explosive trace detection (ETD) machines. 

2. Information on the actions and movements of known terrorists should be 
shared with other member states. 

3. Information regarding the use of forged travel documents and information 
relating to arms and explosives smuggling should be shared. 

4. Countries must prosecute suspected bombers or extradite them. 


Beijing (2010) 

The Convention on the Suppression of Unlawful Acts Relating to International Civil 
Aviation (the Beijing Convention) continued the work of the previous Montreal con- 
ventions, criminalizing the act of using an aircraft as a weapon of mass destruction, 
and also to release any biological, chemical, or nuclear weapon from, or to use 
onboard, any civil aircraft (Corbett, 2015). Most significant to emerging threats, the 
Beijing Convention criminalized cyber-attacks on air navigation facilities. 


Montreal (2014) 


Between 2007 and 2014, 38,230 incidents of unruly passengers, including vio- 
lence against crew members and passengers, general harassment, and failure to 
follow safety instructions, occurred (ICAO, n.d.-b). The 2014 Montreal meeting 
resulted in the Protocol to Amend the Convention on Offenses and Certain Other 
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Acts Committed on Board Aircraft, which: (1) defined what constitutes unruly 
behavior, including the failure to follow safety instructions, threats, or physical 
assault on passengers and crew and (2) extended the jurisdiction over an offense 
to the destination country, in addition to the country of registration. These 
changes closed a loophole that occasionally allowed aggressors to escape prosecu- 
tion. The Protocol also opened doors to allow air carrier operators to recover legal 
costs arising from the unruly behavior, such has having to divert to remove an 
unruly passenger. 

As each ICAO Convention passes additional policies, each State must then rat- 
ify the new conventions, pass their own national legislation, and make changes to 
existing regulations and policies. These steps may delay the actual implementa- 
tion of new ICAO SARPs for months or years. 


ADDITIONAL ICAO ANNEXES RELATING TO AVIATION SECURITY 


Although Annex 17 focuses specifically on aviation security, it also contains 
several attachments that cross-reference other ICAO annexes related to security. 
These annexes address different security standards and also provide the following 
security guidance: 


1. Annex 2: Rules of the Air allows ATC to direct aircraft under unlawful 
interference to deviate from an approved flight path and to be granted priority 
handling. 

2. Annex 6: Operation of Aircraft establishes guidance for security of aircraft, 
including protection of the flight deck, aircraft search procedures, security 
training programs for flight crew members, and guidance in reporting security 
incidents. 

3. Annex 9: Facilitation states that security controls must be put into place that 
protect the aircraft, passengers, and cargo, but that these procedures must not 
unduly inhibit the movement of aircraft, passengers, and cargo. 

4. Annex 10: Aeronautical Telecommunications provides a method to notify 
ATC of an aircraft subject to unlawful interference through the transponder 
code 7500. 

5. Annex 11: Air Traffic Services (ATS; US ATC) directs air traffic controllers 
to provide the maximum amount of assistance to an aircraft under unlawful 
interference. Annex 11 is particularly relevant considering the difficulty 
some aircraft have had in receiving cooperation from ATC facilities to land 
a hijacked aircraft or an aircraft in need of assistance, but also for the 
incredibly important role air traffic controllers play during a hijacking or 
bomb threat on an aircraft. ICAO spells out the duties and role of air traffic 
controllers during a hijack situation, which were tested to their limits on 
9/11, not just with the hijacked aircraft but also in handling the nearly 4000 
additional aircraft that were still airborne and had to find a place to land. 
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a. Annex 11 specifies: “ATS will provide maximum assistance to an aircraft 
subjected to unlawful interference including priority handling. ATS will 
also notify and continue to provide information to the appropriate 
agencies, including rescue coordination centers, and other aircraft in the 
vicinity. Further, ATS will not refer to the situation in communications 
with the aircraft unless it is certain that such references will not aggravate 
the situation.” 

b. Since air traffic controllers are responsible for ensuring that an aircraft 
under unlawful influence receives greater separation from other aircraft, 
controllers have greater leeway in handling the flight. ATC is often called 
on to decide the best way to provide assistance, which may include 
enlisting the aid of other air-traffic services and providing the flight crew 
with information on suitable airports for landing, minimum safe altitudes, 
and weather conditions. 

c. During a hijacking, controllers attempt to determine the number of 
individuals onboard or remaining and the presence of hazardous materials. 
Whenever a bomb threat is suspected, air traffic controllers must promptly 
respond to requests by pilots, which may include air navigation procedures 
and services along the route of flight and at airports of intended landing. 
Controllers must try to expedite all phases of a flight, transmit information 
pertinent to the safe conduct of the flight to other agencies, monitor and 
plot the progress of the flight, coordinate transfer of the flight to other 
ATC facilities without requiring transmissions or other responses from the 
aircraft, advise adjacent ATS units of the progress of the flight, and notify 
the aircraft operator, rescue coordination centers, and designated security 
authorities. 

d. If the flight crew does not know that a bomb threat has been received, 
air traffic controllers must advise the flight crew immediately of the 
threat, determine the intention of the flight crew, and provide 
clearances for new destinations without delay. Additional ATC 
responsibilities are to advise the affected aircraft (if on the ground) to 
remain as far away as possible from other aircraft and facilities, ideally 
convincing the pilot taxi the plane off the runway to an isolated 
parking area (Price, 2004, pp. 30—31). 

6. Annex 13: Aircraft Accident and Incident Investigation addresses reporting 
requirements for incidents of unlawful interference. 

7. Annex 14; Aerodromes addresses airport security measures such as the 
creation of an isolated parking position where aircraft subject to unlawful 
interference may be positioned; the placement of perimeter fencing; and the 
positioning of an airport emergency plan that addresses hijackings, bombings, 
and other security incidents. 

8. Annex 18: The Safe Transport of Dangerous Goods by Air addresses air cargo 
security, specifically from the perspective of the shipment of hazardous 
materials. 
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US AVIATION POLICIES 


The Federal Aviation Act of 1958 created the Federal Aviation Agency (changed 
in 1966 to the FAA) and served as the foundation for many of the policies, proce- 
dures, and regulations currently practiced by the aviation industry. However, not 
until the late 1960s did aviation security become a serious enough issue to be 
addressed by the US Congress. One of the first American presidents to take action 
on aviation security was John F. Kennedy when he began assigning air marshals 
to flights in 1961. 


Now, let me say that we are — have ordered today on a number of our planes 
a Border Patrol man who will ride on a number of our flights. We are also 
going to insist that every airplane lock its door, and that the door be strong 
enough to prevent entrance by force, and that possession of the key be held by 
those inside the cabin so that pressure cannot be put on the members of the 
crew outside to have the door opened 

John F. Kennedy (1961) 


By January 1969, with eight airliners hijacked to Cuba in that month alone, 
the FAA faced a growing security problem. The FAA created a task force to 
address the crisis—their subsequent study reveals that a hijacker profile could be 
developed based on past hijacker behavioral characteristics. Further, the profile 
could be used in combination with magnetometer screening devices (or metal 
detectors) to prevent hijackers from boarding the aircraft. Eastern Airlines was 
the first air carrier to begin using the profile system, with four additional US air 
carriers adopting the system before year’s end. By July of 1970, New Orleans 
Moisant International Airport became the first airport to subject all passengers to 
the FAA’s new voluntary screening process (FAA, n.d.). 

However, it was not until September 11, 1970, that significant executive or 
legislative action would be taken toward combatting air piracy. On that day, 
which also occurred while the Dawson’s Field hijacking was taking place, 
President Nixon unveiled a plan to formally establish a sky marshal program; to 
inspect and screen passengers electronically at certain, large US airports; and to 
enact tougher antipiracy laws and international extradition treaties to bring hijack- 
ers out of safe harbor and back to the United States for prosecution. Later that 
month, Nixon appointed the first Director of Civil Aviation Security and pressed 
Congress to increase airline ticket taxes to pay for the security enhancements 
(Elias, 2010, p. 5). 

On March 18, 1972,4 the FAA created Federal Aviation Regulation Part 107 
Airport Security, which placed several responsibilities on US airports. Part 107 
required airports to establish and protect the Air Operations Area (AOA) of an air- 
port from unauthorized access, posting signs reading “Authorized Persons Only,” 





“This is a correction from an earlier version which listed the year as 1971. 
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locking and controlling access to all doors or gates entering the AOA, preventing 
unauthorized vehicle access to the AOA, challenging individuals in the AOA who 
appear to have gained unauthorized access, escorting visitors, and creating and 
airport security plan (FAA, 1972).° 

Since 1970, Congress has consistently addressed aviation security issues, 
largely in response to specific terrorist incidents. What follows is a short descrip- 
tion of some of the significant, US congressional acts passed in response to air 
terrorism. Because this text is a practical explanation of security procedures, the 
following descriptions should provide a framework and extract some lessons for 
current and future policy makers. 

Traditionally, the implementations of solutions related to aviation safety occur 
after problems have been identified. When the aviation industry recognizes a 
problem with an airplane’s design, manufacturing, maintenance, operation, train- 
ing, or other nonsecurity-related factor that is causing accidents and incidents, the 
industry moves rapidly to solve the problem and to reestablish the trust of the 
traveling public. Several government agencies, including the FAA, the National 
Transportation Safety Board (NTSB), the Occupational Safety and Health 
Administration, and the Environmental Protection Agency, oversee aviation safety 
issues. The aviation safety industry also has several incident and accident report- 
ing procedures and publicly available data. Safety incidents are analyzed and 
compared with similar incidents to look for trends and patterns, and solutions are 
recommended and implemented. When an aircraft accident occurs, the FAA and 
NTSB conduct an investigation to determine the causal factors. When necessary, 
the NTSB makes recommendations to the industry to make changes, leading to 
the prevention of further accidents. Unfortunately, many of these same protocols 
are either in their infancy or do not yet exist for the aviation security industry. 

The environment for aviation security varies from that of the aviation safety 
area in many ways. For example, public reporting for aviation security incidents 
is not as formalized as in the aviation safety situation. Often, when an aviation 
security incident occurs, the aviation industry looks to the government to provide 
solutions and funding. As a result, a presidential commission is often established. 
A commission’s findings often result in action and changes to the aviation secu- 
rity system, but are sometimes dependent on various public-interest organizations 
and the law-making process. 


ANTI-HIJJACKING ACT OF 1971 


One of the first acts to address aviation security in the United States, as well as to 
bring the United States up to ICAO standards on the prevention of an unlawful 





“In April 2015, the FAA proposed new rulemaking under the Title 14 CFR Part 107 (ie, FAR 107) 
that addresses the operation and certification of Small Unmanned Aircraft Systems—this may cause 
some confusion with long-time aviation security practitioners who recall when Part 107 addressed 
airport security regulations. 
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seizure of an aircraft, was the Anti-Hijacking Act of 1971. The act included pun- 
ishment of hijackers by life in prison. The bill provided a maximum penalty of 
only 5 years should the hijackers surrender during the hijacking, thus providing 
hostage negotiators some leverage in persuading hijackers to surrender. 


ANTI-HIJACKING ACT OF 1974 


Unfortunately, the FAA’s previous attempts to prevent hijackings and bomb- 
ings, namely, hijacker profiling and metal detectors, were not working. 
Hijackings continued throughout 1971. In early 1972, the FAA mandated that 
the air carrier industry implement a passenger and baggage screening system. 
Hijackings and bombings continued as the FAA issued additional mandates 
for air carriers to develop and submit for approval, security programs— 
intended to deter or prevent unauthorized persons, baggage, or cargo from 
entering the aircraft (FAA, n.d.). 

Additional measures, such as using trained dogs for explosive detection at 
airports, along with increased research and development for weapons- and 
explosives-detecting technology failed to stem the tide of air terrorism. By 
December 1972, the FAA issued an emergency rule requiring US air carriers to 
inspect all carry-on baggage for weapons or other dangerous objects; to scan 
each passenger with a metal detector; and to conduct a physical search, or pat 
down, before allowing passengers to board. Refusal to consent to a search 
resulted in the individual not being permitted to board. The rule also required 
airports to post a law enforcement officer at each airport in the boarding area 
during the boarding and screening process.° The main difference between the 
screening requirements first set forth by the FAA in 1969 and the new require- 
ments is that the previous requirements only required those individuals fitting a 
hijacker profile to be screened. The new requirements called for the screening 
of all passengers (FAA, n.d.). 

In August 1974, President Nixon signed the Anti-Hijacking Act of 1974, into 
law. This act authorized the president to suspend air service to foreign nations 
that encouraged hijacking and authorized the secretary of transportation to 
restrict the operation of foreign air carriers in the United States. The act also 
required the screening of all passengers and all property by “weapons detecting” 
technology. The legislation further enabled airlines to refuse to transport anyone 
not consenting to a search and mandated a law enforcement presence at the 
nation’s commercial service airports. This policy remains in effect. The Act 
mandated the death penalty for a hijacker if the hijacking resulted in an indivi- 
dual’s death. One of the most important requirements of the Anti-Hijacking Act 
of 1974 was that it placed the responsibility for passenger screening on the air 
carrier (or its designated contractor). This decision was criticized throughout the 





6At the time, screening checkpoints had not been established at most US airports. Screening was 
often conducted using metal detectors positioned at the boarding gate. 
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following years, as airlines sought security screening companies that were the 
lowest bidder rather than the most effective. This decision also went against 
common international practices of placing all security responsibilities, including 
passenger screening, on the airport operator. 

The passage of the Act seemed to have immediate effect as the calendar years 
of 1973 and 1974 reflected not a single airline hijacked in the United States 
(FAA, n.d.). The passage of the Act also set the baseline process for air carrier 
screening—a process that would not see significant changes until 2001. 


ACT TO COMBAT TERRORISM (1978) 


The 1978 Act to Combat Terrorism added the requirement for airports to notify 
travelers to foreign airports deemed dangerous for use by Americans. It further 
authorized the US president to suspend air service to those countries. This 
requirement can now be found in Title 49 CFR Part 1542 Subpart D: Public 
Advisories. 


AVIATION SECURITY IMPROVEMENT ACT OF 1990 


After nearly 20 years of bombings and hijackings, the United States embarked on 
its first major legislation to change the aviation security system. In response to 
the downing of PSA Flight 1771 and the bombing of Pan Am Flight 103, 
Congress passed the Aviation Security Improvement Act of 1990. This act revised 
Title 14 CFR Part 107 Airport Security to include more comprehensive regula- 
tions on personnel identification systems and airport access control systems. It 
also required airport and airline personnel (including pilots) to undergo passenger 
screening in certain circumstances. 

As with many responses to security threats, some actions may seem counter- 
productive or have no significant effect in deterring attacks. A portable radio was 
found to be part of the bomb used to take down Pan Am Flight 103. From this 
discovery, the US government started requiring travelers to turn on their laptop 
computers and other portable electronic devices at screening checkpoints. The 
question remained, why not simply X-ray the devices as is done today? At the 
time, laptop computers were new, and there was a fear of damaging the computer 
if X-rayed. The practice of turning on a laptop was intended to show that the 
computer was a working computer and not a shell hiding a weapon or explosive; 
however, it is still possible to construct a working improvised explosive device 
within a working radio or computer. Soon after the downing of Pan Am Flight 
103, screeners at London Heathrow International Airport discovered a detonation 
device inside a working calculator, which also lessened the logic that a bomb 
could only be concealed inside a nonworking electronic device. The batteries and 
other electronics within many approved electronic devices (at the time, mostly 
laptop computers and radio/cassette players) can be used as a triggering or power- 
ing mechanism for an explosive device. Restricting laptops and cell phones from 
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being carried on an aircraft impacts the advantages inherent in aviation, particu- 
larly for business travelers who are responsible for a significant portion of an air- 
line’s revenue. 

The act addressed the capabilities of the access control systems’ at the 
nation’s airports and personnel identification systems. Federal Aviation 
Regulation Part 107.14 Access Control was expanded to require computerized 
access control systems that record who has authorized access to doors, gates, or 
other access points. These systems must immediately deny access to people who 
do not have authorized access, distinguish airfield access authority for aviation 
personnel allowed access to only certain areas, and immediately prevent 
individuals without approved access media from accessing the airfield. These 
access control standards are still in place and embodied in Title 49 CFR Part 
1542.207(a). Because most security doors leading out to the airfield are also fire 
alarm doors, fire regulations require a crash bar that allows egress from the build- 
ing in the case of an emergency. 

Airport access media systems underwent an overhaul in 1990. Before the 1990 
act, access media (personnel identification badges or airport ID badges) were easy 
to duplicate, often requiring just a simple typewriter, an instant camera, and a 
laminator. In some cases, coding was placed on the magnetic strip on the back to 
enable an employee to open certain airfield access doors. Title 49 CFR Part 
107.14 raised the standard for personnel identification systems, making them 
more difficult to duplicate. 

Although the act also required flight crews to undergo screening, the concept 
of “employee screening” including flight crew members is a difficult issue. 
After 1990, employee screening was, and still is, required for those using the 
screening checkpoints to access the sterile area concourses or piers. However, 
many employees, including flight crews at their home-based airport and who 
have approved access media, bypass the screening checkpoints and use other 
doors leading to the airfield. Employees can then access the sterile area beyond 
the checkpoint by using airside doors that lead into the concourses. Employees 
with such access are considered to be “screened” as they have passed a 
fingerprint-based criminal history record check (CHRC) process. If that same 
person accesses the sterile area by way of the screening checkpoint, he or she is 
still required to be screened. This dichotomy has existed since 1990 in the US 
aviation system. 





"Before 1990, many airport access control systems were not able to restrict airfield access to only 
those employees authorized to have access. Door locks were often simple cipher locks, and there 
was no way to track who accessed a particular door. Some emergency exit doors, connected to a 
centralized computer system, could distinguish between employee accesses and would alarm if 
forced or left open. Cipher-locked doors were often easy to access as the codes were common 
knowledge throughout the airport employee population. In some cases, employees (or others) could 
figure out the code either by watching another employee go through the door, or even in some 
cases, the door code was etched or written on the wall adjacent to the door. 
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Employee screening has also been a contentious issue for pilots since the pas- 
sage of the rule. Pilots argue that if they desire to crash the plane, they can do so 
by simply flying it into the ground. Also, they question the effectiveness of taking 
away small knives and sharp objects from them, when there is a fire ax in the 
cockpit. In 2008, the Transportation Security Administration (TSA) initiated a 
test program to allow certain pilots to bypass screening. 


AVIATION SECURITY AND ANTITERRORISM ACT OF 1996 


In July 1996, TWA Flight 800 departed John F. Kennedy International Airport en 
route to Charles DeGaulle International Airport in Paris, France. The aircraft 
exploded shortly after takeoff, just off the coast of Long Island, killing all 229 aboard. 
The investigation took longer than 18 months, during which time federal investigators 
looked at a variety of theories, from mechanical mishap to terrorist attack. During the 
investigation, the exact cause of the crash was uncertain. Numerous security experts 
claimed that the crash was the result of a terrorist attack and that some bomb residue 
was discovered in the wreckage, which further drove the bomb theory." As a result of 
these claims, President Bill Clinton established the White House Commission on 
Aviation Safety and Security. Chaired by Vice President Al Gore, the Commission is 
commonly referred to as the Gore Commission. 

One of the most significant findings of the Gore Commission was that the fed- 
eral government should consider aviation security to be a national security issue 
and provide substantial funding for capital improvements. The Gore Commission 
stated: “The Commission believes that terrorist attacks on civil aviation are 
directed at the U.S., and that there should be an ongoing federal commitment to 
reducing the threats that they pose” (Gore, 1997). With this statement, the com- 
mission formally established a proactive policy toward aviation security. 

The Gore Commission report established that aviation security is essentially a 
government responsibility. This conclusion was a welcome relief to the airline 
industry, which had been responsible for providing aircraft screening since the 
early 1970s. A General Accounting Office (GAO) report on aviation security ech- 
oed this sentiment (GAO, 2001, p. 4), and the recommendation resulted in the 
development of ATSA 2001 after 9/11. Many of the commission’s findings 
helped to formulate the Aviation Security and Anti-Terrorism Act of 1996. Of the 
more than 50 recommendations, the following became policy after 1996. 

Airports established a security consortium consisting of airport security and 
law enforcement personnel as well as representatives from the FAA, Federal 
Bureau of Investigations (FBI), and other airport stakeholders. The consortium’ s 
goals are to stay abreast of evolving threats to aviation and to develop strategies 
and recommendations to counteract such threats. The consortium continues to 
exist. 





3A subsequent investigation showed that the bomb residue was likely the result of earlier, routine, 
K-9 bomb dog detection training. 
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The act required airports to conduct vulnerability assessments, which was 
supported by the FAA Authorization Act of 1996 that required the FAA and FBI 
to conduct joint threat and vulnerability assessments on security at least every 3 
years at each airport determined to be at high risk. The Department of 
Transportation (DOT), FAA, and FBI also established formulas to determine if an 
airport was at high risk. Such formulas are classified as security-sensitive infor- 
mation and vulnerability assessments are still a routine part of any airport security 
program (ASP). 

The act required fingerprint-based CHRCs for all screeners and all airport and 
airline employees with access to secure areas; however, they were required for 
only those screeners and airport and airline employees who could not meet the 
requirements of a 10-year employment history check known as an access investi- 
gation.” This limitation resulted in only a fraction of employees undergoing the 
CHRC process. This requirement was modified in the Aviation Security 
Improvement Act of 2000 to include all screeners, airport employees, and airline 
employees at Category X and Category I airports (most large-hub and medium- 
hub commercial service airports). 

Another flaw in the background check program was that anyone who had 
committed a felony but could still verify the previous 10 years of employment 
could easily lie on the application by stating he or she had never been convicted 
of a crime. This weak security procedure allowed people with questionable back- 
grounds to obtain approved airport and airline access media. A check of outstand- 
ing warrants was still not required for any aviation employee who could pass the 
10-year access investigation. Individuals convicted of crimes not on the disquali- 
fying offenses list, including all misdemeanors such as theft, could and did work 
within the security areas of an airport. 

The Computer-Assisted Passenger Prescreening System (CAPPS) was devel- 
oped as a result of the legislation. Based on certain indicators surrounding the pur- 
chase of an airline ticket, passengers were separated into low-risk and high-risk 
categories. High-risk passengers received additional scrutiny during screening. 

The commission called for the deployment of explosive detection systems 
(EDSs) and ETDs. More than 50 EDSs and numerous ETD systems were subse- 
quently deployed to commercial service airports across the United States. The 
units were used randomly to screen passengers and their baggage, and for certain 
passengers who were identified through CAPPS. A GAO report subsequent to 
9/11 revealed that the advanced explosives detection equipment was used to such 
a limited extent before 9/11 as to be minimally useful to aviation security. 





Before 1996, US aviation employees did not undergo mandatory background checks—not even for 
outstanding criminal warrants. The 1996 legislation called for individuals with gaps in their 
employment history, which may indicate time out of the country or time in prison, to submit their 
fingerprints to the airport or airline. The prints were sent to the FBI to check against a list of 26 
disqualifying felonies, a process that often took up to 3 months. Only a small percentage of person- 
nel had to undergo the process. After 9/11, turnaround times were reduced to a few days through 
the expedited use of its Electronic Fingerprinting Image Print Server. 
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The legislation significantly expanded the use of bomb-sniffing dogs with the 
FAA receiving funding for 114 new dog teams. It also set up the Aviation 
Security Advisory Committee (ASAC), a team of industry professionals brought 
together to advise the federal government on security issues. Several ASAC teams 
were involved in the development of aviation security regulations after 9/11. Also 
included in the act were the requirements to search commercial aircraft before 
each flight and increase inspections of air cargo through the Known Shipper 
program. 

The Gore Commission spent a lot of time discussing the development of 
passenger profiling systems. This included encouraging the FBI, the Central 
Intelligence Agency, and the Bureau of Alcohol, Tobacco, and Firearms to 
research known terrorists, hijackers, and bombers and then develop profile indica- 
tors that could be tied to an automated passenger information system. The com- 
mission pointed to the success of profiling used by US Customs, crediting the 
program with reducing passenger aggravation while increasing the detection of 
illegal substances being transported. 

The Gore Commission was careful to point out that any profiling system 
should not be based on race, religion, or national origin. The commission also 
recommended that the airlines should not retain passenger name data information. 
Passengers should also be made aware of screening processes and be allowed to 
not participate and consequently not fly. It was further recommended that the 
Department of Justice periodically review profiling procedures and that an advi- 
sory board be established to discuss issues related to civil liberties arising from 
profiling methods. The Gore Commission believed that profiling becomes less 
effective with the development of more efficient screening technology. Therefore, 
the commission recommended that profiling cease after EDS units are fully 
deployed. This policy ran contrary to the policies of many aviation security 
experts who viewed profiling as an integral part of the entire screening process. 
Many experts, then and now, believe that profiling should be combined with 
existing technologies, not used in lieu of them. 

The 1996 legislation also brought about aggressive tests of existing security 
systems by more than 300 FAA security agents acting as red teams. Red team 
(adversary) testing includes frequent, sophisticated attempts by red team person- 
nel to find ways to circumvent security measures, find weaknesses in the system, 
and anticipate what adversaries may attempt. However, although red teaming 
may have increased, its effectiveness was called into question in the following 
discussion by Andrew Thomas in his book Aviation Insecurity: “FAA testing at 
security checkpoints would involve placing a simulated explosive device in an 
uncluttered bag, oriented in such a way that it would be easily identifiable to 
even the most poorly trained X-ray machine operator. Conversely, the Red Team 
would disguise the testing device within a cluttered bag” (2003, p. 58). However, 
the red team test results were not admissible for civil enforcement proceedings 
against airport and airline operators. Thomas continued: “[T]he FAA would only 
make the airlines accountable for failures to detect easy-to-find explosives 
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contained within standard testing protocols. ..the inability to detect a more con- 
cealed explosive from the Red Team would be disregarded. The only motivation 
for the airlines was to catch the standard items so as to avoid a letter of reprimand 
or a fine. Red Team testing in essence meant nothing” (2003, pp. 58—59). 

As a result of a Gore Commission recommendation, on October 9, 1996, 
Congress passed the Aviation Family Disaster Act of 1996 giving the NTSB the 
responsibility for aiding families of aircraft accident victims and coordinating the 
federal response to major domestic aviation accidents. 


AIRPORT SECURITY IMPROVEMENT ACT OF 2000 


By 2000, several legislative actions designed to enhance the aviation security sys- 
tem had passed. However, the implementation of many of these fell behind sched- 
ule. According to a National Academy of Sciences study, about 15,000 screeners 
were working in the United States at that time. The average pay for screening 
employees ranged from $5.25 per hour to $6.75 per hour with most screeners 
turning over every 2 months. One report indicated that the turnover rate at one 
airport was about 400% a year (globalsecurity.org, 2001). Section 302 of the 
1996 FAA Reauthorization Act directed the FAA to begin certifying screening 
companies, but the FAA did not issue a proposed rule to do this until January 
2000. The Airport Security Improvement Act of 2000 (ASIA) directed the FAA 
to issue the final rule to certify screening companies by May 31, 2001, a deadline 
the FAA missed. The rule was to certify companies that provided security screen- 
ing and to improve the training and testing of security screeners. It would have 
required companies to develop uniform performance standards for providing secu- 
rity screening services (globalsecurity.org, 2001). 

Airlines for America (A4A), formerly known as the Air Transportation 
Association, favored the proposed certification rule, arguing that the FAA should 
directly regulate screening companies to ensure full regulatory compliance and to 
improve screener performance. The A4A also believed the rule would help to 
assess performance deficiency penalties against the screening company rather 
than against the airline (globalsecurity.org, 2001). 

ASIA expanded the list of disqualifying offenses for security identification 
display area (SIDA) access and required all aviation employees to undergo a 
fingerprint-based CHRC. The legislation also allowed the aviation industry 
several years to implement the CHRC-for-all-personnel requirement. Access to 
the FBI’s database was still not at a point where the CHRC process would be 
expedient. By 9/11, implementation of this requirement was still in its infancy. 

ASIA also required the FAA to complete a rule that would hold individuals 
directly accountable for noncompliance with access control requirements, issue regu- 
lations requiring airport operators to have a security compliance program that 
rewards compliance, and ensure that airports and air carriers provide comprehensive 
and recurrent training while also teaching employees their role in airport security. 
These requirements would not be implemented until after 9/11. The act required the 
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FAA to assess security improvements at ATC facilities and to make cyber-network 
security improvements (Price, 2003, p. 36). ASIA also concentrated on maximizing 
the use of EDS machines. It was noted in ASIA that the deployed machines were 
screening fewer bags in a day than they were designed to screen in an hour. 

By the summer of 2001, the FAA was finalizing the FAR Part 107 Airport 
Security rewrite, incorporating many of the requirements of the ASIA 2000 legis- 
lation. On September 11, 2001, despite the 1996 and 2000 legislation, screening 
companies were still not being certified, performance standards or mandatory 
training for screeners still did not exist, nor were all airport and airline employees 
being subjected to a comprehensive CHRC. 


ATSA OF 2001 


The ATSA of 2001 was the nation’s first legislative response to the terrorist attacks 
on 9/11. Unlike previous legislation that had addressed aviation security, the 2001 
act implemented policies that went beyond the prevention of another 9/11-style 
attack. In the past, whenever there had been a significant attack on aviation, the 
subsequent legislation focused on measures to prevent the kind of attack that had 
just occurred. ATSA 2001 addressed preventative hijacking strategies and virtually 
every other component of the aviation security system, including passenger and 
baggage screening, air cargo security, and general aviation security. 

Much of the ATSA 2001 legislation was based on a GAO report issued on 
September 20, 2001, titled, “Aviation Security: Terrorist Acts Demonstrate 
Urgent Need to Improve Security at the Nation’s Airports” (GAO, 2001). The 
report summarized many of GAO aviation security recommendations for the past 
decade. These recommendations included improving airport access control 
systems, implementing screener training and performance standards, and tighten- 
ing processes for law enforcement officer credentials. This last recommendation 
permitted state and local law enforcement officers to fly armed on civil aircraft. 
The ATSA 2001 legislation addressed numerous issues including: 


1. Creating the TSA. 
2. Requiring federal government takeover of the screening process. 
3. Creating the position of federal security director (FSD) for each commercial 
service airport. 
. Creating an oversight board for the TSA. 
. Reinvigorating the air marshal program. 
. Requiring fingerprint-based CHRCs for all aviation employees with SIDA 
access. 
7. Requiring airports to develop screening programs for aviation employees 
before their entry into the SIDAs. 
8. Requiring the screening of all checked baggage using EDS technology, 
including the use of the passenger/baggage reconciliation process. 
9. Requiring that air cargo security be addressed. 
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10. Making it a federal crime to assault aviation employees with security duties. 
This includes screeners and any aviation employee with an SIDA access ID, 
because regulations require aviation employees to report violations of 
security regulations, thus making them part of the security process. 

11. Creating a $2.50-per-passenger fee to help airports cover security expenses. 

12. Developing technology to detect or neutralize chemical and biological 
weapons being carried on an aircraft. 

13. Requiring cockpit doors on commercial passenger airliners to be reinforced. 

14. Implementing security rules on charter flights for aircraft exceeding 
12,500 pounds. 

15. Requiring passenger manifests on international flights to be given to 
US Customs before the aircraft lands in the United States. 

16. Allowing five airports in the United States to conduct a pilot project using 
privatized screening workforces (that still must meet federal government 
training and performance standards). 

17. Calling for the development of a 9-1-1 phone system for aircraft. 


Since the passage of ATSA 2001, numerous developments have occurred. The 
following discussion summarizes the changes in relation to several of the points 
listed. 


TRANSPORTATION SECURITY ADMINISTRATION 


ATSA 2001 created the TSA to regulate not only aviation security but other 
modes of transportation. The agency was initially placed in the DOT, but because 
of criticism that the TSA would become too closely affiliated with the FAA and 
questionable connections to the airline industry, on March 1, 2003, the TSA 
became an agency of the new US DHS. The move was designed to mitigate the 
influence the aviation industry had over the DOT. 


FEDERAL GOVERNMENT TAKEOVER OF THE SCREENING 
PROCESS 


The quandary over how to manage airline screeners after 9/11 evolved into three 
possible solutions: 


1. Turn the existing private contract screeners into FAA employees, an idea that 
was quickly dismissed because the momentum after 9/11 was to take aviation 
security out of the hands of the FAA. 

2. Place the screeners into an existing law enforcement agency, such as 
US Customs or the US Border Patrol. 

3. Place the screeners under a new federal agency. 
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Ultimately, the screeners were hired, trained, and employed by the TSA. This 
decision effectively established the US government’s responsibility for screening 
passengers and baggage at the nation’s hundreds of commercial service airports. 
ATSA 2001 mandated that the transition from private screening companies to 
TSA personnel must be completed by November 19, 2002, a deadline that it met. 
The government continues to operate and regulate its own screening services. 

The TSA’s screening function is an odd mix, using a government agency as 
both the operator and the regulator of a function. The United States took the 
option to hire security personnel to work as federal government employees, rather 
than establishing rigid standards, then contracting out the security, which is inter- 
national practice. Overseas, even before 9/11, the Argenbright Corporation, which 
held numerous private screening contracts in the United States, also provided 
similar services at several airports in Europe. Because of the higher government 
standards, Argenbright personnel overseas were highly trained and held to rigid 
standards, which they met. In the United States, the standard of performance as 
mandated by US law and FAA policy was so low that the screening companies 
did not have to train their personnel or hold them to a higher standard. Because 
the airlines and not the government paid for the screening companies in the 
United States, there was little incentive to hire the “best and brightest,” and more 
expensive, screening workforce. Despite the international standard, there appeared 
to be strong public sentiment that any form of screening that resembled the 
pre-9/11 model would be a return to the inadequate screening systems of the past. 

The GAO examined security screening at five international airports known for 
having good screening practices and included some interesting points in their 
recommendations. These airports were in Belgium, Canada, France, the 
Netherlands, and the United Kingdom (GAO, 2001, p. 2). The GAO noted that 
responsibility for screening in these countries is placed with the airport authority 
or respective federal government, which then contracts out screening. Both Ben 
Gurion International Airport in Israel and London Heathrow International Airport 
are operated by airport authorities who contract out the security. In the case of 
Heathrow, the entire operation of the airport is managed by an external contract- 
ing service. 


CREATION OF THE FSD 


Before 9/11, the FAA administered the security enforcement function through its 
civil aviation security field offices (CASFOs). After 1990, the largest commercial 
service airports were assigned additional federal personnel. These individuals 
were known as federal security managers (FSMs) and were assigned to be a direct 
link between the airport operator and the FAA security branch in Washington, 
DC. An FSM was not part of the CASFO reporting structure. However, an FSM 
did have the authority to approve airport security processes. This created a 
conflict-based relationship between the “Cat X Agent,” which was the CASFO 
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agent responsible for overseeing the airport’s compliance with its ASP, and the 
FSM, who had the authority to override the CASFO’s guidance and directives, 
without being part of the reporting structure. ATSA 2001 attempted to resolve 
this conflict by assigning a new position titled the FSD, who is at the operational 
head of an airport’s federal security organizational chart. 

Whereas the initial plan called for an FSD at each commercial service airport, 
this plan was quickly downsized as the US Congress realized that many commer- 
cial service airports have very limited or seasonal service. FSDs are now at the 
large- and medium-hub airports in the United States. Other small-hub and nonhub 
airports are consolidated under regional FSDs. 


REVITALIZATION OF THE AIR MARSHAL PROGRAM 


On 9/11 there were approximately 33 active air marshals, mostly covering inter- 
national flights. Although the actual number is classified, public estimates now 
range at 5000+ for full-time employed air marshals. 


FINGERPRINT-BASED CHRCs 


This long-awaited policy was finally implemented with the proper technology and 
processes quickly being developed to enable all screeners and airport and airline 
employees to undergo a complete fingerprint-based CHRC. Through the use of 
computerized kiosks and the Transportation Security Clearinghouse operated by 
the American Association of Airport Executives, results of the CHRC are now 
sent back from the FBI in a few days as opposed to weeks or months. 


SCREENING AVIATION EMPLOYEES 


ATSA 2001 did not set a deadline for implementing screening for aviation 
employees, and the proposed programs are not without a few problems. Many air- 
ports already screen a percentage of their workers, including those accessing the 
sterile area through screening checkpoints. However, to screen the entire work- 
force at each airport (including air crews) requires billions of dollars of infrastruc- 
ture development and equipment acquisition and a greatly increased annual 
personnel and operating cost. Presently, the fingerprint-based CHRC is considered 
“screening” for aviation employees. Although some airports around the world do 
screen their employees, many of those airports are designed to minimize the num- 
ber of people in the SIDA, whereas airfields in the United States are not similarly 
designed. In 2008, the TSA embarked on an employee screening test program at 
several airports throughout the United States. That program is explained in more 
detail in Chapter 7, The Screening Process. 
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SCREENING CHECKED BAGGAGE 


Because of the production and deployment limitations of expensive explosive 
detection equipment, most airports could not meet the requirement of 100% EDS 
checked-baggage screening by the congressionally imposed deadline. However, 
airports were allowed to “meet” the criteria by using passenger/baggage reconcili- 
ation procedures, ETD technologies, or K-9 bomb detection teams. 


AIR CARGO SECURITY PROCEDURES 


Additional regulations covering air cargo security procedures were issued in 
August 2004 and went into effect in May 2006. 


SECURITY FEES 


Passenger security fees continue to increase. As of this writing, passenger security 
fees are $5 per person per flight route, for a maximum of two routes on any given 
airline trip. 


CHEMICAL AND BIOLOGICAL WEAPONS 


Numerous companies are aggressively pursuing government research contracts to 
develop chemical, biological, nuclear, and radiological detection technologies. 
Much of this research is in conjunction with technologies being tested to detect 
chemical/biological/radiological/nuclear (CBRN) materials at other transportation 
modes such as rail and subway stations. 


COCKPIT DOORS 


Cockpit doors have been redesigned and reinforced to prevent forced entry. In 
many cases, cockpit doors allow viewing, either by peephole or closed-circuit 
television (CCTV), from the cockpit into the cabin areas. Some aircraft, by 
design, do not have cockpit doors. Air carriers using these types of aircraft are 
still required to restrict access to the flight deck. 


GENERAL AVIATION CHARTER FLIGHTS 


The TSA’s 12-5 rule addresses security procedures for private and public charters 
and cargo operations for aircraft above 12,500 pounds. The TSA’s private charter 
rule addresses security procedures for privately chartered aircraft exceeding 
45,500 kg (100,309.9 pounds). 
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PASSENGER MANIFESTS ON INTERNATIONAL FLIGHTS 


Customs has used passenger manifest information such as name, date of birth, 
citizenship, gender, passport country of issuance, visa number, or resident alien 
card to cross-check names of passengers traveling to the United States against ter- 
rorist watch lists. In some cases, aircraft have been turned back or forced to land 
in a foreign country and debark certain passengers before continuing into the 
United States. Depending on the circumstances, authorities have allowed some 
aircraft with suspicious or wanted persons onboard to land within the United 
States. In these cases, authorities placed these individuals in custody. The pro- 
gram has evolved into the Advance Passenger Information System (APIS), which 
also includes the Crew Vetting Program, the master crew list, and the flight crew 
manifest. In Title 19 CFR Parts 122 and 178, airlines must transmit passenger 
manifest data to US Customs and Border Protection no later than 15 minutes after 
the departure of an aircraft bound for the United States. '° 


SCREENING PARTNERSHIP PROGRAM (AKA, OPT-OUT) 


The ATSA allowed five airports in the United States to conduct a pilot project 
using a privatized screening workforce, which was required to meet federal 
government training and performance standards. The private screening program, 
commonly called Opt-Out and referenced by the TSA as the Screening 
Partnership Program, continues to be successful according to several audit reports. 
The program experienced a slow start because of the lack of liability protection 
afforded to airports that elect to opt-out of their TSA-employed screeners. In 
2005, Congress passed legislation giving airports the long-sought-after liability 
protection. 


9-1-1 SYSTEM FOR AIRCRAFT 


The technology to allow the use of cell phones on aircraft has already been devel- 
oped and is used in limit by the business aviation community. Aircraft must be 
equipped with technology that reduces the strong, cellphone signal to a lower 
level, which better communicates with ground cell phone towers. This program 
continues to move forward. It has also created spin-off research, such as the 
ability to provide CCTV footage of the aircraft interior to personnel on the ground 
during an incident. 





10As of February 2008, aircraft operators can either submit passenger manifests to APIS no later 
than 30 minutes prior to securing aircraft doors for departure or using the APIS Interactive Quick 
Query, which allows transmission of manifest information as each passenger checks in, up to but 
no later than the time aircraft doors are secured. 
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AIR TRANSPORTATION SAFETY AND STABILIZATION ACT (2001) 


Just 11 days after 9/11, the government passed the Air Transportation Safety and 
Stabilization Act (ATSSA), which earmarked $15 billion to the aviation industry, 
including $5 billion in grants and $10 billion in secured loans. The act also reim- 
bursed the airlines for increased insurance premiums and limited compensation to 
the victims of 9/11 to $1.6 million each if the families waived their right to sue. 

The importance of this act to aviation security practitioners, particularly airline 
security managers, is the liability limitations and the limits on victim compensa- 
tion. Although the ATSSA was specific to the 9/11 attacks, it offers insight into 
how policy makers may address similar future issues. Of interest is that despite 
US federal funding to the airlines, the major air carriers fired or furloughed nearly 
20% of their staffs. This is perhaps the result of airlines exhibiting poor financial 
planning, taking advantage of federal subsidies, or demonstrating the extreme 
economic impact the airlines felt from the post-9/11 environment. Overall, at least 
100,000 aviation employees lost their jobs as a result of 9/11. 


HOMELAND SECURITY ACT OF 2002 


Shortly after 9/11, the US government established the ATSA of 2001. The signing 
was primarily as a stopgap in an attempt to fix the many existing problems in the 
aviation security system. However, policy makers were challenged and continue to 
be challenged with many questions, such as the following: Who is the enemy? 
How do we make difficult choices regarding the distribution of resources for home- 
land security? How do we pursue foreign policy that goes after the terrorists while 
also preventing the emergence of new terrorists? (Kean and Hamilton, 2006, p. 11). 

Much of the future policy regarding aviation security and homeland security 
stemmed from The 9/11 Commission Report. In other cases, policy makers would 
revisit previously commissioned reports and independent studies of security and 
terrorism in a search for answers on how to prevent attacks. One of those earlier 
commissions, the US Commission on National Security in the 21st century, better 
known as the Hart—Rudman Commission, became a focal point for developing 
homeland security policies. The Hart—Rudman report became a blueprint for the 
Homeland Security Act, which was passed in November 2002. The act brought in 
more than 22 government agencies from other departments including the TSA, 
the US Coast Guard, the US Customs Service, the Secret Service, the Federal 
Emergency Management Agency, the FBI’s National Infrastructure Protection 
Center (cyber-protection), the FPS,'' the Immigration and Naturalization Service 
(INS),'* and a new Bureau of Citizenship and Immigration Services. 

Some important considerations were made in the conclusions of the 
Hart—Rudman Commission. The first issue addresses homeland security as a 





"The FPS is a police force that guards federal buildings. 
The INS split into immigration enforcement functions under Border Security. 
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local, state, and federal responsibility. A fundamental precept of emergency man- 
agement is that emergencies must be handled first at the local level and that 
municipalities must be prepared to respond to a certain level of disaster or 
incident. Once the local resources are overwhelmed, the state then has the respon- 
sibility to assist and so on up to the federal government. The second point of the 
commission addresses disorganization in previous homeland security efforts. Each 
government agency at all levels had specific areas of responsibility for homeland 
security. These agencies were not centrally coordinated, nor functioning under a 
common vision. 

The mission of the DHS is to prevent terrorist attacks within the United 
States, reduce the vulnerability of the United States to terrorism, and minimize 
the damage and assist in the recovery from terrorist attacks that occur within the 
United States. Included in DHS’s primary responsibilities are information analysis 
and infrastructure protection; chemical, biological, radiological, nuclear, and 
related countermeasures; border and transportation security; emergency prepared- 
ness and response; and coordination (including the provision of training and 
equipment) with other executive agencies, state and local government personnel, 
agencies, and authorities, the private sector, and other entities (Kirkeby, 2006). 

Besides the creation of the DHS, other significant actions resulted from the 
Homeland Security Act, including arming commercial pilots, creating a liability 
protection program for companies involved in antiterrorist technologies, and a 
lessening of the deadline for the implementation of EDSs into airports. 

Title XIV of the Homeland Security Act of 2002 (P.L. 107—296), the Arming 
Pilots Against Terrorism Act, established a program to deputize qualified volun- 
teer commercial passenger airline pilots to serve as Federal Flight Deck Officers 
(FFDOs). FFDOs were assigned to defend the cockpit of an aircraft against acts 
of criminal violence or air piracy. 

The Support Anti-terrorism by Fostering Effective Technologies Act of 2002 
(commonly known as the SAFETY Act) recognized the need for new antiterrorism 
technologies and also recognized that the manufacturers of antiterrorism products 
and services would need certain liability protections to meet the nation’s growing 
antiterrorism needs. The SAFETY Act provides liability protections for companies 
that produce antiterrorism technologies or provide antiterrorism services in two 
ways. SAFETY Act designation limits the liability of a company to 90% of its insur- 
ance coverage. SAFETY Act certification also eliminates the manufacturer or 
provider of antiterrorism technologies from federal lawsuits where the product or 
service is involved. Insurance limits for aircraft operators were also addressed in the 
act. Title XII, Airline War Risk Insurance Legislation, extended the period during 
which the US secretary of transportation may certify an air carrier as a victim of 
terrorism (and thus subject to the $100 million limit on aggregate third-party claims) 
for acts of terrorism from September 22, 2001, through December 31, 2003. 

Title XVI of the Homeland Security Act corrected some areas of ATSA 2001 
by requiring the FAA and the TSA to conduct research and development activities 
of antiterror technologies; it directed the TSA to issue regulations regarding the 
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protection of SSI, opened up screener qualifications to include naturalized 
citizens, and increased the fine to $25,000 (from $11,000) for air carrier operators 
who violate aviation security regulations. 

Although not part of the Homeland Security Act itself, the government also 
addressed the issue of national crisis coordination through the creation of the US 
Northern Command. This command is a unit of the Department of Defense, 
overseeing the federal response to natural and human-made disasters. 


VISION 100: CENTURY OF AVIATION REAUTHORIZATION ACT 


The Vision 100: Century of Aviation Reauthorization Act, passed on January 7, 
2003, established or refined several programs related to aviation security—specif- 
ically in the areas of the government, aircraft operators, airport operators, and 
general aviation. Vision 100 directed the TSA to publish incidents and passenger 
complaints involving passenger and baggage screening. It also required the DHS 
to study the effectiveness of the transportation security system and required the 
government to establish the Air Defense Identification Zone around Washington, 
DC. The act required the TSA to conduct security audits of foreign aircraft repair 
stations to ensure compliance with proper security measures by those companies 
engaged in the maintenance of US aircraft. 

Vision 100 created guidance, which is now included in TSR Part 1503, 
pertaining to enforcement actions against airport and aircraft operators who are in 
violation of security regulations. Vision 100 also focused on the computerized 
passenger screening system known as CAPPS 2, which is part of the ATSA 2001 
legislation. Vision 100 placed several limitations on CAPPS 2, restricting it from 
being implemented until a thorough test phase was completed and both privacy 
concerns and the protection of passenger name records (PNRs) data could be 
ensured. 


Aircraft operators 

Vision 100 required air carriers to provide basic flight crew security training to 
prepare crew members for potential threat conditions. The subject areas in train- 
ing must include the following: 


1. Recognizing suspicious activities and determining the seriousness of any 
occurrence. 

2. Crew communication and coordination, and the proper commands to give 
passengers and attackers. 

3. Appropriate responses to defend oneself and use of protective devices 
assigned to crew members. 

4. Psychology of terrorists to cope with hijacker behavior and passenger 
responses. 

5. Situational training exercises regarding various threat conditions. 
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6. Flight deck procedures or aircraft maneuvers to defend the aircraft and cabin 
crew responses to such procedures and maneuvers. 

7. The proper conduct of a cabin search, including explosive device recognition. 
This requirement did not specify the nature of the training. 


At some airlines, this training was met with the use of a book, handouts, or a 
PowerPoint presentation. However, under Vision 100, aircraft operators must 
provide flight crew and crew members with the ability to take a voluntary course 
of advanced flight crew security training. The advanced training must include 
classroom and hands-on instruction. The subject areas must include the following 
elements of self-defense: deterring a passenger who might present a threat; 
advanced control, striking, and restraint techniques; training to defend oneself 
against edged or contact weapons; methods to subdue and restrain an attacker; the 
use of available items aboard the aircraft for self-defense; and appropriate and 
effective responses to defend oneself, including the use of force against an 
attacker. Vision 100 also extended the FFDO program to all-cargo aircraft pilots. 


Airport operators 
Vision 100 expanded the list of airport capital improvement projects eligible for 
federal funding to include projects to replace baggage conveyer systems related to 
aviation security; projects to reconfigure terminal baggage areas to facilitate the 
installation of EDSs; projects to enable the TSA to deploy EDSs behind the ticket 
counter, in the baggage sorting area, or in line with the baggage-handling system; 
and other airport security capital improvement projects. Previous to Vision 100, 
airport security projects were not listed as being eligible for federal funding. 
Vision 100 also created a funding source for airports needing security 
upgrades. The Aviation Security Capital Fund was created and funded to the level 
of $250 million, half of which is allocated to airport operators with the other half 
available as discretionary grants. The current allocation is 40% for large-hub 
airports, 20% for medium-hub airports, 15% for small-hub airports and nonhub 
airports, and 25% distributed by the TSA to any airport on the basis of aviation 
security risks. 


General aviation 


Vision 100 set forth the policy directing the TSA to generate a program by which 
general aviation aircraft would be allowed back into Ronald Reagan Washington 
National Airport. General aviation flights had been restricted since the 9/11 
attacks. Vision 100 also required the development of the air charter security 
programs for aircraft with a maximum certificated takeoff weight of more than 
12,500 pounds (eventually becoming known as the 12-5 rule) and clarified the 
alien flight training program, setting forth regulations on foreign nationals desir- 
ing to fly an aircraft in excess of 12,500 pounds. 

The act further required flight schools, including aviation colleges, individual 
flight instructors providing flight training, and entities providing flight simulation 
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training on aircraft exceeding 12,500 pounds, to conduct security awareness train- 
ing for their personnel. The Intelligence Reform and Terrorism Prevention Act of 
2004 (IRTPA) is best known for its creation of the director of national intelligence 
(aka, the intelligence czar). The act played a key role in expanding or clarifying 
several aviation security programs, including those that involve air marshals, 
checked-baggage screening, man-portable air-defense systems (MANPADs), and 
air cargo. IRTPA pushed forward previous ATSA mandates including the estab- 
lishment of a biometric uniform travel credential system for federal, state, and 
local law enforcement officers carrying weapons onboard an aircraft; the creation 
of the Transportation Worker Identification Credential; and the development of 
Secure Flight (the program replacing CAPPS 2). 

For in-flight protection, IRTPA directed the TSA’s technology division to 
study the viability of devices or methods enabling crew members to discreetly 
notify pilots in the case of security breaches or safety issues in the cabin, and to 
report on the costs and benefits of using secondary flight deck barriers and 
whether such barriers should be mandated for all air carriers. A secondary flight 
deck barrier provides an obstruction to cockpit access from the cabin and is par- 
ticularly useful when pilots must exit the cockpit to use the lavatory. Some air- 
lines have voluntarily installed their own secondary barriers (those airlines using 
the barriers are classified as SSI but any frequent traveler will see them in use on 
occasion). Many airlines solve the problem procedurally by blocking access to the 
cockpit using a beverage cart held in place by flight attendants. 

The act required the director of federal air marshals to promote operational 
practices that protect air marshal anonymity. However, a policy directive from the 
head of the federal air marshals allegedly required air marshals to dress in 
business professional attire rather than in a manner that would allow them to 
blend in with their environment. Little changed until the retirement of the air mar- 
shal director in charge at the time the policy was implemented. 

In relation to the air marshal program, the act also required that air marshals be 
trained to address in-flight counterterrorism. Training related to weapons-handling 
procedures and tactics were also to be provided to US federal law enforcement offi- 
cers who fly while in possession of a firearm. Additionally, the air marshal service 
was to ensure that TSA screeners, federal air marshals, and federal and local law 
enforcement agencies in US states that border Canada or Mexico receive training in 
identifying fraudulent identification documents, including fraudulent or expired 
visas or passports. The act also encouraged the US president to pursue international 
agreements that would allow air marshals on international flights and enable air 
marshals to train foreign law enforcement personnel in in-flight security practices. 
The act mandated the installation of security monitoring cameras in areas where 
checked-baggage screening is not publicly viewable. 

General aviation was affected by the act, particularly the charter industry, 
which was now required to implement the airline passenger prescreening system 
to general aviation charter flights. Private charter operators are required to 
perform their own screening, after being trained by the TSA. The prescreening 
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program compares the PNR data of individuals who rent, charter, or are passen- 
gers on an aircraft in excess of 12,500 pounds against the selectee and no-fly lists. 
Air cargo security was an issue first addressed in ATSA 2001. However, the 
IRTPA gave cargo security a direction and a specific outcome by requiring the 
TSA to issue revised air cargo regulation and develop technology to better 
identify, track, and screen air cargo. 


IMPLEMENTING THE RECOMMENDATIONS OF THE 
9/11 COMMISSION ACT OF 2007 


The passage of the 9/11 Commission Act of 2007 amended the 2002 Homeland 
Security Act and required the nation to implement certain recommendations of 
the National Commission on Terrorist Attacks Upon the United States (ie, the 
9/11 Commission), including the mandate for 100% screening of air cargo, the 
creation of intelligence fusion centers, and other requirements to improve intelli- 
gence sharing. The Act also established several avenues for the provision of grant 
money for homeland-security-related programs. Related to aviation, the Act 
required the government to strengthen the visa-waiver program and that the 
executive branch nominate a US government official to serve as the director of 
the Human Smuggling and Trafficking Center. 

This act would also greatly expand the TSA’s explosives detection canine 
teams. Today, hundreds of canine teams are deployed to airports and transporta- 
tion centers throughout the United States. Other requirements include: 


1. Clean up and provide a path of redress for misuse or errors on the no-fly and 
selectee lists, while pushing Secure Flight forward (this would also indirectly 
create the security threat assessment process). 

2. Establish in DHS the Checkpoint Screening Security Fund and establish a 
passenger fee to fund the purchase, deployment, installation, research, and 
development of equipment to improve the ability of security personnel at 
screening checkpoints to detect explosives. 

3. Extend funding for aviation security improvements including inline checked- 
baggage systems and other airport security technology improvements. 

4. Fund several research and development programs on bomb detecting and 
disrupting technologies. 

5. Direct the TSA administrator to develop a standardized threat and 
vulnerability assessment program for general aviation airports. 

6. Conduct pilot programs to identify technologies to improve security at airport 
exit lanes. 

7. Direct studies to improve and implement flight crew member security 
procedures at screening checkpoints (to make it easier for flight crews to go 
through the screening process) and push the administration to develop 
biometric-based identification for law enforcement officers flying on 
commercial aircraft (a reiteration of an ATSA 2001 requirement). 
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Since 2007, significant aviation security rulemaking has not occurred; 
although numerous bills have been introduced. As of this writing, at least three 
bills that could significantly affect aviation security rulemaking and practices are 
making their way through the US Congress. 


INTERNATIONAL AVIATION POLICIES 


This section should help security practitioners and aircraft operators understand 
certain international aviation security practices that may be useful when conduct- 
ing operations in certain foreign countries. However, this section is not meant to 
be a complete reflection of security practices in each country. Each country 
applies ICAO Annex 17 in a way deemed appropriate, and how one country, say 
Israel, applies security measures may differ widely from how other countries 
apply security measures. 


EUROPEAN UNION 


After 9/11, the European Union (EU) passed Regulation (EC) No. 2320/2002 of 
the European Parliament and the European Civil Aviation Conference (ECAC) 
on December 16, 2002. This regulation established standards for aviation secu- 
rity at all EU airports. The regulation is based on standards contained in ICAO 
Annex 17, the recommendations of the ECAC, and proposals by the European 
Commission (EC). Regulation (EC) No. 2320/2002 calls for 100% screening of 
all aviation employees who have contact or interaction with screened passengers 
or baggage; mandatory aircraft inspections and other aircraft protection 
measures; checked (hold) baggage screening; cargo; courier and express parcels 
screening; air carrier catering and cleaning staff vetting; general aviation secu- 
rity regulations; staff recruitment and training; and security equipment 
standards. 

Regulation (EC) No. 2320/2002 recognizes that one of the fundamental 
precepts of aviation security is the development of consistent international 
standards, recognizing that not all airports are of the same shape, size, and oper- 
ational nature, and that each airport’s unique qualities must be taken into 
account, particularly smaller airports, when establishing aviation security 
practices for each airport. The regulation standardized performance criteria for 
acceptance tests of aviation security equipment, detailed procedures for the 
protection of SSI, and detailed criteria for the exemption of certain security 
measures where applicable. 

Regulation (EC) No. 2320/2002 establishes a uniform civil aviation security 
program, approved by the appropriate federal government agency, which oversees 
compliance with regulations and has the power to increase security measures or 
exempt certain airports and air carrier operators from specific measures. 
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It establishes a uniform civil aviation security program for air carrier operators 
and restricts access to SSI, including performance criteria for security measures, 
and security equipment. 

Within the field of airport security, Regulation (EC) No. 2320/2002 calls for 
airport operators to control access to the airside portion of the airport and that 
security controls be applied to passengers, baggage, mail, cargo, courier, catering 
stores, and supplies. Carry-on and checked-baggage screening must also be 
conducted. 

Employees with airside access are subjected to a 5-year background check, 
which is repeated approximately every 5 years. Employees with airside access are 
also required to wear approved access media (identification cards bearing the 
wearer’s photo and other key information). 

Regulation (EC) No. 2320/2002 requires screening of all airport and airline 
personnel, including the flight crew, before being allowed access to a security- 
restricted area. Of interest is that the regulation allows each country to develop its 
own definition of security-restricted area and screening. This flexibility in policy 
is important in determining how an employee is screened. 

As mentioned, the screening of aviation employees, particularly flight crews, 
is a frequently debated topic. The mandatory screening of all aviation employees 
in a similar or the same manner as passengers are screened is common throughout 
the EU. However, many European airports have different definitions for a 
security-restricted area, as compared to US airports. Additionally, many European 
airports are constructed to minimize the number of employees who must access 
security-restricted areas. One specific requirement called for in the regulation is 
that any employee who conducts the screening of passengers or baggage must 
first be screened in the same manner that passengers are screened. 

With respect to passenger and employee screening, Regulation (EC) No. 2320/ 
2002 does specify additional random screening of personnel operating within 
security-restricted areas. For example, it is common practice at London Heathrow 
International Airport for passengers to be selected for additional security screen- 
ing at the boarding gate. The random screening may include a physical search of 
carry-on belongings and the use of metal detecting hand-wands. This policy was 
met with resistance in the United States and was tossed out a few years after 
9/11. Nevertheless, it is a commonly accepted best practice designed to prevent 
the introduction of a prohibited item that may have either slipped through the 
screening checkpoint or introduced by an aviation employee. 

Although aviation employees are also screened, certain prohibited items, 
including box cutters and knives, are still allowable within some of the shops and 
restaurants in the concourse sterile areas. It is conceivable that an employee 
acting in concert with a criminal or terrorist could pass along a prohibited item 
after the individual has cleared the screening checkpoint. This process is even 
doubly important in the United States, where many aviation employees are not 
required to pass through a screening checkpoint before entering the sterile area 
via an airside access door. 
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Physical security and patrols of the airfield, public terminal areas, and aircraft 
maintenance areas are standard practices under Regulation (EC) No. 2320/2002, 
as is perimeter fencing and CCTV monitoring for the protection of the airfield. 
Employees must also challenge other individuals not wearing an approved airport 
identification badge. 

Regulation (EC) No. 2320/2002 covering aircraft operator security specifies 
that aircraft must be searched before being placed into service. A security check 
conducted for aircraft executing a turnaround or transit stop is also required. Each 
member country may decide what consists of a search versus a check. Further, 
access to the aircraft must be controlled at all times while the aircraft is in 
service. When not in service, the aircraft doors must be secured, the aircraft 
pulled away from any passenger boarding bridge, or tamper evidence applied to 
the doors, and a physical security patrol must be conducted of the vicinity around 
the aircraft every 30 minutes. 

Passenger screening is conducted in much the same manner as in the United 
States, with passengers required to traverse WTMDs and to undergo screening of 
their carry-on bags through an X-ray machine. Passengers causing alarm may be 
separated for additional scrutiny, such as a pat-down or hand-wand search. Carry- 
on bags that present suspect X-ray images may also be selected for testing by an 
ETD device. Some airports are upgrading their X-ray equipment and installing 
whole-body imaging technology. 

Checked bags are subject to the passenger/baggage reconciliation requirement. 
However, some latitude in the physical screening of checked bags is allowed. 
Bags may be checked by hand search, conventional X-ray, EDS, ETD, or the 
Primary EDS. The United States, however, calls for 100% screening of checked 
bags by EDS technologies. 

Cargo security is addressed in Regulation (EC) No. 2320/2002 and focuses on 
the regulated agent as the key player in the cargo security process. The EU defines 
regulated agent as an agent, freight forwarder, or other entity who conducts business 
with an operator and provides security controls that are accepted or required by the 
appropriate authority in respect to cargo, courier, and express parcels or mail. 

Cargo must be searched by hand or physical check, screened by X-ray equip- 
ment, subjected to a simulation (depressurization) chamber, or subjected to other 
means, both technical and biosensory, including sniffers, trace detectors, and 
explosive detection dogs. However, these security controls do not apply to a 
known consignor, referred to as a known shipper in the United States. 

The carriage of mail is regulated in a manner similar to that used in the United 
States. Mail from an unknown shipper must be subjected to security controls such 
as screening, simulation chamber, or other means. Mail from a known shipper 
weighing less than a specific weight, containing life-saving materials such as 
human organs or high-value goods, carried on all-mail flights, or trans-shipment 
mail do not have to be screened. Air carrier mail such as internal dispatches or 
correspondence must be screened and controls applied to prevent the unauthorized 
introduction of other substances or items to company mail before it is shipped. 
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Airline catering companies require direct access to the aircraft cabin. Catering 
personnel often carry prohibited items such as box cutters in the performance of 
their duties and are responsible for delivering to the cabin food and beverages in 
sealed containers. For these reasons, catering services must be strictly supervised, 
both at the food preparation location to ensure that prohibited items are not intro- 
duced during food packaging, and at the aircraft delivery point to ensure that 
catering employees do not leave behind a prohibited item. Regulation (EC) No. 
2320/2002 requires airline catering companies to have a security manager and a 
security program to ensure that high-quality employees are hired. The regulation 
requires that background checks are conducted on all employees and that the 
catering facility is protected from unauthorized access. Further, if the catering site 
is off airport property, the security manager must ensure that the catering vehicles 
are not tampered with during transit to the airport. Random screenings should 
also be conducted on catered goods, both during the delivery process and while in 
storage. Similar procedures apply to airline cleaning companies and their supplies, 
storage facilities, and vehicles. 

As in the United States, general aviation aircraft operations are addressed in 
Regulation (EC) No. 2320/2002, but only with respect to preventing general avia- 
tion aircraft operations in commercial service airports. Passengers disembarking 
from general aviation aircraft must be screened before they are allowed onto a 
commercial service aircraft. General aviation aircraft must be parked as far away 
as possible from the commercial service portion of an airfield, and security 
controls put into place to prevent the unauthorized access from the general avia- 
tion aircraft area to the commercial service area. The regulation does not address 
security at general aviation airports. 

ICAO guidance addresses the employment of security personnel, including 
selection, knowledge, and training requirements. The EU recognizes the value of 
this guidance and similarly addresses specific standards in Regulation (EC) No. 
2320/2002. In the United States, only law enforcement officers and security screen- 
ing personnel must adhere to government standards for selection, knowledge, and 
training. Many other aviation job duties within the US aviation security system do 
not fall under federal governmental guidance or controls. The EU does provide 
beneficial guidelines for the selection, knowledge, and training of security officials 
by requiring (1) extensive experience in aviation operations, (2) national certifica- 
tion, (3) knowledge of security systems and access control systems, (4) ground and 
in-flight aircraft operator security, (5) preboard screening, (6) baggage and cargo 
security, (7) aircraft security and searches, (8) weapons and prohibited articles, 
(9) overview of terrorism, and (10) other areas that may enhance security awareness. 

The first requirement listed—extensive experience in aviation operations—is 
critical to protecting aviation. The US TSA was strongly criticized for placing 
individuals with little or no knowledge or experience in aviation operations into 
positions of creating and interpreting aviation security regulations, enforcing avia- 
tion security regulations, and developing operational standards and policies in the 
application of security. This resulted in numerous operational delays and the loss 
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of millions of dollars in some places as aircraft stood idle while federal employ- 
ees tried to make decisions and educate themselves on the nature of aviation 
operations. This initially created a great deal of friction between the TSA and 
airport and aircraft operators. 

Over time, the TSA is slowly being infused with individuals who do have 
aviation experience, and those who come from non-aviation industries are being 
educated on the nature of airport and airline operations. Although the airport or 
aircraft operator security practitioner does not always exert great influence on the 
federal government’s hiring decisions, the practitioner can make a special effort 
to help educate those within the federal structure about the economic impacts to 
the aviation industry when critical security decisions are being considered. 
Aviation security practitioners similarly should continue to educate themselves in 
the areas in which they regulate or operate. 

Finally, the EU recognizes that the training of flight crew in security aware- 
ness, and the certification of security equipment such as metal detectors and 
X-ray machines, should be standardized throughout the EU. 


EUROPEAN CIVIL AVIATION COMMISSION 


The ECAC is a regional grouping of ICAO contracting states. Founded in 1955, 
the ECAC’s objective is to promote the continued development of a safe, effi- 
cient, and sustainable European air transport system by standardizing civil avia- 
tion policies and practices among its member states. The ECAC promotes an 
understanding on policy matters between its member states and other parts of the 
world. The ECAC works in close conjunction with the ICAO and through 
the ECAC and the EU’s rulemaking capability; the ECAC has more leverage than 
the ICAO over its member states, using resolutions, recommendations, and policy 
statements. 

The ECAC establishes procedures generally well ahead of the ICAO and often 
draws on the experience of its members, many of whom are large industrial 
powers, when introducing or supporting new standards and recommendations 
(Wallis, 1993, p. 193). The ECAC is divided into two working groups: one group 
focusing on technology and the other on administration and operations. The 
United States and Canada both have permanent observer status in the ECAC. 
European and international aviation associations, such as the International 
Federation of Airline Pilots Association, will send their experts to ECAC meet- 
ings (Wallis, 1993, pp. 123—124). 

One important component in aviation security, domestic or international, is 
Annex 9—Facilitation (of Annex 17) of the ICAO Chicago Convention. Annex 9 
states that security controls should be applied in a manner to continue the expedi- 
tious movement of personnel, baggage, and aircraft through the system. Security 
controls that are too burdensome may provide a higher level of protection or 
significantly reduce risk. However, onerous security controls may hinder the expe- 
ditious movement of personnel and cargo through the aviation system. There is a 
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breaking point at which there is so much security that the advantages inherent in 
aviation are eliminated. Decisions about aviation policy should be carefully consid- 
ered so that, ultimately, practices are not adopted that eradicate the industry. 

The importance of the concept of facilitation cannot be overstated. In the early 
days of security measures, passenger and baggage screening meant passengers 
were hand-frisked and the contents of their bags were dumped onto a table for all 
to see. This violation of privacy was both unnecessary and at odds with the goal 
of making security practices effective and efficient. The introduction of WTMDs 
and X-ray machines was an important facilitation step that preserved the respect 
and privacy of the traveling public. 

After 9/11, passengers waited for hours to undergo screenings and were 
subjected to a higher level of scrutiny. Initially, US travelers were willing to accept 
the inconvenience of the longer wait times; however, patience wore thin after about 
6 months. The TSA was quickly expected to fix the security problems and continue 
to keep screening wait times to a minimum. Wait times gradually became shorter 
until August 2006 when the liquid bomb plot in the United Kingdom was discov- 
ered. Again, screening wait times increased, though for a shorter period as TSA 
and airport operators adjusted quicker to the new restrictions placed on the carriage 
of liquids and gels. At Denver International Airport, the average wait times rose to 
record levels in the morning after the London bomb plot was discovered, but by 
that same afternoon they had resumed normal levels. 

The lack of facilitation is also a contributing factor to in-flight passenger distur- 
bances. The frequency of these types of passenger disturbances increased shortly 
after the ban of liquids and gels took effect. With the removal of bottled water, lip 
balm, and similar conveniences that help passengers cope with the physical, 
emotional, and mental stresses of air travel, passenger disturbances increased, and 
facilitation was reduced. Long-range security planning, such as the identification of 
new methods and tools used by terrorists and the implementation of protective 
strategies and technologies ahead of time, will assist with the goal of facilitation. 

Aviation security practitioners can learn important lessons in facilitation from 
the ECAC. Being a smaller organization than the ICAO, the ECAC was able to 
better assist its members in the implementation of passenger/baggage reconcilia- 
tion. The ECAC publishes the Aviation Security Handbook, which addresses secu- 
rity practices regarding risk management, security measures, training and human 
factors, and cybersecurity. 


CANADA 


After 9/11, Canada also experienced a change of practices and organization in its 
aviation security system. Many of the US and Canadian systems are similar in 
structure and operation with a few exceptions. In the United States, the TSA is 
both the regulator and the operator of the screening function. Canada separates 
these two functions, specifying Transport Canada as the regulator and the 
Canadian Air Transportation Security Authority (CATSA) as the operator. 
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Transport Canada is similar to the US DOT in that the agency is the regulator and 
the policy maker for aviation security practices. However, in the United States the 
responsibility for aviation security has been shifted to the DHS to provide some 
separation between the TSA and the influences of transportation lobbying groups. 

Operating since April 1, 2002, CATSA is a crown corporation, a state- 
controlled company or enterprise, reporting to Parliament through the minister of 
transport. CATSA is responsible for passenger and baggage screening, including 
screening of airport and airline employees; deployment, operation, and mainte- 
nance of explosives detection equipment; airport policing; financing the Royal 
Canadian Mounted Police (RCMP) to provide air marshal capabilities and the 
issuing of access media; and financing the provision of law enforcement officers 
for airport security. CATSA conducts security services at 89 airports across 
Canada with more than 4000 contract employees. Similar to other common inter- 
national practices, CATSA is charged with the provision of screening and other 
security services and contracts with private firms to provide these services. 

Unlike the United States, where aviation security is largely funded from avia- 
tion revenues, CATSA is funded through parliamentary appropriations from the 
tax-funded Consolidated Revenue Fund. CATSA and its service providers rent 
their office and administrative spaces from airport operators, thus helping to 
support the local airport revenue base. 

In the United States after 9/11, airport operators were directed to provide 
office and administrative space to the TSA at no charge. Considering that “space 
equals revenue,” this was a considerable loss of revenue to many airports. 

The Canadian aviation security model is similar to the US model in that vari- 
ous agencies are given responsibility for protecting different elements of the 
system. In the Canadian model, no single agency is responsible for all facets of 
aviation security. However, Canadian airport authorities retain responsibility for 
perimeter security and apron, taxiway, and runway security, whereas airlines 
retain security for the check-in and departure areas. In-flight security is a shared 
responsibility of the airline, the RCMP, and CATSA. 

CATSA also operates a program whereby airport and airline employees are 
randomly screened throughout the restricted areas by teams of two CATSA 
employees. The screening consists of a check of the employees’ biometrically 
encoded restricted-area identification badge (ie, approved access media) and the 
use of a portable metal detection device. CATSA maintains a security communi- 
cations center similar to the Transportation Security Operations Center, located in 
Alexandria, VA, to provide quick reaction to aviation security incidents and 
monitor new and existing threats. CATSA further recognizes the value of facilita- 
tion in the provision of its security services and focuses on four performance 
areas in the provision of security services, consistency of screening practices, 
effective business practices including measurement of metrics and incident report- 
ing, cost effectiveness in resource allocation, and passenger service. 

As in the United States, Canada is assessing several threats and new programs 
for their potential impacts to aviation security. Among the threats is the 
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transportation of CBRN materials, an attack using such substances, and vulner- 
abilities associated with air cargo. Among the new measures Canada is assessing 
or testing to reduce higher levels of passenger scrutiny are the Registered 
Traveler Program, the use of no-fly and selectee lists, behavioral observation 
(profiling), Secure Flight, alternative airport layouts, and self-service checkpoints. 

CATSA does have a strategic security plan and works with Transport Canada 
on long-range funding for the financial stability of the agency. CATSA is also 
working on various screening staffing models in an attempt to achieve greater 
efficiencies in its screening operations. Canada must address some different secu- 
rity challenges than those experienced in the United States—especially as related 
to airport design and the processing of passengers, and in customs and immigra- 
tion practices. At the Vancouver International Airport, the international terminal 
is completely segregated by a large-window wall structure. Passengers arriving 
from or departing to the United States must stay on one side of the glass while all 
other international passengers and their flights stay on the other side. The segre- 
gation takes place immediately after check-in. Customs and immigration are han- 
dled separately with different processing for Canadian citizens, US passport 
holders, and all other nationalities. 

The cruise-ship industry has even affected the design of the Vancouver 
International Airport. To eliminate processing travelers arriving from the United 
States who are transitioning directly to US-registered cruise ships, a special level 
was constructed within the Vancouver International Airport terminal building 
whereby US travelers may go directly from their flights to busses that take them 
directly to their cruise ships. Their bags are also delivered to their ship directly, 
thereby reducing the number of bags that must be checked by customs. This 
results in passengers never “officially” entering or exiting the United States, thus 
reducing lines and congestion at immigration and customs. 

Similar to the US Visit Program, Canada is testing procedures to expedite the 
travel of frequent visitors to and from the country through CANPASS. Operated 
by the Canada Border Services Agency, CANPASS programs streamline customs 
and immigration clearance for low-risk, prescreened travelers. Commercial 
airlines allow CANPASS participants to pass quickly through Canadian customs 
and immigration at major Canadian airports, by meeting border clearance obliga- 
tions through retina recognition technology. There are similar programs for corpo- 
rate aircraft, private aircraft, personal watercraft, and remote border crossings. 


AUSTRALIA AND THE ASIA-PACIFIC RIM 


As with many other countries, the 9/11 attacks brought new policies and proce- 
dures to aviation security in Australia and the Asia-Pacific Rim countries. 
Aviation is particularly important to Australia as 99% of the country’s interna- 
tional passenger movements are conducted by air. Australian airports enplane 
about 16.5 million international passengers and 30 million domestic passengers 
per year. The Australian Parliament took several measures in response to the 
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US 9/11 attacks, most recently passing the Aviation Transport Security Act 2004, 
in an attempt to align their security standards with those of ICAO. Before 9/11, 
Australia had not implemented many of the baseline ICAO standards; however, 
the country also has not experienced significant attacks on its aviation structure. 

Australia’s aviation system is the responsibility of the Transport Security 
Department of the Australian government and reports to the minister for 
Transport and Regional Services (under the Department of Transport and 
Regional Services (DOTARS)). The Aviation Security Branch in DOTARS is 
responsible for the administration of the aviation security provisions of the 
Aviation Transport Security Act 2004 and Australia’s Aviation Transport Security 
Regulations. This is somewhat consistent with the ICAO recommendation that a 
national government entity be responsible for aviation security. As in Canada and 
in the pre-9/11 United States, the Australian security department reports to an 
overall transportation agency versus a security or justice agency. 

The Aviation Transport Security Act 2004 created the role of an inspector of 
Transport Security. The inspector is responsible for investigating security inci- 
dents, both in the aviation and maritime community. Many of the changes the act 
brought to Australian aviation security are similar to US measures, including an 
air marshal force to protect aircraft in flight, adding the requirement of 100% 
checked-baggage screening, improving passenger and carry-on baggage screening 
technology, mandatory background checks for aviation personnel, increased fund- 
ing for law enforcement officers at Australian airports, security measures for 
general aviation charter operations, and expansion of its canine explosives detec- 
tion programs. Australia also conducts a periodic audit titled the Aviation Security 
Risk Context Statement (AVSRCS). AVSRCS assesses current security risks and 
the environment of aviation security in the country. 

Many of Australia’s aviation security regulations mirror those of the United 
States, Canada, and the EU as they follow the general ICAO principles for estab- 
lishing an aviation security manager or director; implementing an ASP; establish- 
ing security-restricted areas and personnel identification systems; and following 
passenger, baggage, and cargo-screening practices. Significant attention is paid to 
conducting security risk assessments at Australian airports and aircraft operators, 
more so than in the other countries assessed. 

After 9/11, Australia’s government focused on tighter controls on air cargo, 
screened all laptop computers, and screened all property and personnel entering 
sterile areas. In 2002, Australia’s deputy prime minister for transport announced 
additional security measures including the screening of passengers and carry-on 
baggage at more airports, 100% checked-baggage screening for all international 
flights and domestic flights by the end of 2004, the placement of ETD technolo- 
gies at screening checkpoints, the use of threat image projection screening equip- 
ment, and an upgrade to aviation security at Christmas Island Airport and Cocos 
(Keeling) Islands Airport. 

In 2003, Australia expanded its aviation security identification card (ASIC) to 
all airports where passenger screening is required and for access to other 
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airport-related security-sensitive areas, such as fuel facilities and critical air con- 
trol facilities. Australia reissued all ASICs using tamper-evident technology and 
required ASIC holders to undergo security screening by the Australian Security 
Intelligence Organization to supplement existing criminal history checks. Aircraft 
operators were also required to harden their cockpit doors and protect access to 
the flight deck. 

The most recent activity related to aviation security in Australia is the 
Securing Our Regional Skies funding package. This initiative provides for 
Regional Australian Federal Police Protective Service Rapid Deployment Teams; 
new screening capability for 146 regional airports; a joint training and exercise 
program involving state, territory, and federal police; CCTV trials; improved 
security training for regional airline and airport staff; an aviation security public 
awareness campaign; and additional funding for hardened cockpit doors. 

Aviation security in other developed nations of the Asia-Pacific Rim follows 
closely with ICAO guidance and, in some areas, exceeds international standards. 
In Japan, some airports conduct checked-baggage screening before passengers 
arrive at the ticket counter, which may prevent an explosive device from being 
detonated in the terminal building. Also, in 2004, the Tokyo Narita Airport 
had already begun testing liquid explosives detection technology to determine 
if liquids being taken onboard aircraft were flammable, without unduly 
inconveniencing the traveling public. 





CONCLUSIONS 


Aviation security policies are developed largely through the guidance of the 
ICAO’s Annex 17, the security SARPs of the ICAO, and the passage of key legis- 
lative measures. Historically, many of the guidelines, policies, and laws created 
by these organizations and processes have been reactive to a recent attack on 
aviation. 

An outgrowth of the United Nations, the JCAO regulates civil aviation operations 
around the world. However, the ICAO is substantially limited in its enforcement of 
those operations and its own standards. The ICAO is based in Montreal, Canada, and 
has initiated four key conventions (Tokyo, The Hague, Montreal pre-9/11, and 
Montreal post-9/11) covering aviation-security policy measures. 

The development of aviation security policy in the United States began in the 
early 1970s in response to many hijackings of civil aircraft. Major policy devel- 
opments occurred in 1990 following the downing of Pan Am Flight 103 and PSA 
Flight 1771, the crashing of TWA Flight 800 in 1996, and again in 2001 after the 
9/11 attacks. Policy-making on aviation security has continued at a record pace 
since the passage of ATSA 2001, with new policies created in various funding 
acts and legislation, Homeland Security legislation, and intelligence reform bills. 
Internationally, aviation security largely follows ICAO guidance and is similar to 
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US aviation-security policy-making. Newly created legislation related to aviation 
security generally follows a recent terrorist incident or breach of security, due 
largely to the high cost to the public of implementing and administering advanced 
safety measures outlined in legislation. 

Since the 1970s, aviation security policy has undergone a notable change. 
Previously, nations only created new policies in light of a recent terrorist attack. 
After 9/11, proactive policy-making has become a trend in the United States and 
around the world. New forms of attack, such as suicide bombings in a terminal 
building, MANPAD attacks, and radiological dispersion devices, must be 
constantly assessed. However, significant lessons remain to be learned from the 
overall history of hijackings, bombings, and airport attacks on aviation. Looking 
forward to defend against new forms of attacks is important, but protecting 
aircraft and airports from attack remains fundamental. 





AVIATION MEETS INTELLIGENCE: A PUBLIC—PRIVATE PARTNERSHIP 


Robert P. Olislagers'* 


. ..ask not what your country can do for you — ask what you can do for your country 
JFK January 20, 1961" 


In this oft-repeated quote from his inaugural speech, President Kennedy implored citizens to 
take a greater role in civic action, and it bears repeating in the context of national security. Of 
course, JFK referred to volunteerism and public service, but if his exhortation were applied to our 
present state of affairs, it may be seen more as a matter of necessity rather than optimism. 
Today’s terror threats seem light-years removed from the hopeful days of Camelot. Yet, of terror 
JFK said, “Terror is not a new weapon. Throughout history it has been used by those who could 
not prevail, either by persuasion or example. But inevitably they fail, either because men are not 
afraid to die for a life worth living or because terrorists themselves came to realize that free men 
cannot be frightened by threats, and that aggression would meet its own response.” "° As fate 
would have it, terror ended Camelot. Through it, his words resound even more loudly today but 
with greater urgency and for different yet strikingly similar reasons. Relevant, because 
government cannot do it alone; nor should it. Public service is a duty, not for self but for the 
greater good. National security is part of that greater good and thankfully, there are brave men 
and women, in and out of uniform, who are not afraid to die for a life worth living—because they 
are free. 

For some, however, there is the belief that national security is solely the job of government, 
the intelligence community (IC), law enforcement, or the military. In preparing this essay, I was 
reminded of a conversation with a colleague a few years back, who firmly believed that security 
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at his airport was the responsibility of law enforcement, and by extension, the security of the 
nation the responsibility of the federal government. Upon further query, he explained that he had 
neither the resources nor the expertise, which begs the question; does one need resources and 
expertise to be involved in security? 

After the September 11 attacks on the World Trade Center and the Pentagon, the IC was 
reorganized with the goals of tearing down the silos that prevented the free flow of intelligence 
between them, and to coordinate all intelligence activities with the new ODNI. Some 17 
departments, including the newly minted DHS became part of the IC. The IC also reached out to 
state, local, tribal, and territorial partners. Intelligence Fusion Centers were established in every 
state and populated by joint task forces merging the capabilities of military, law enforcement, and 
intelligence under one roof. Taking the concept one step further, the DNI wanted to pair industry 
subject matter experts with intelligence analysts and cultivate relationships between the IC and the 
private sector in order to develop better intelligence products. The ADIAC has been up and 
running to do just that by assisting the aviation community with specific requests for information 
and analysis. ° After all, who would know better about anomalies in aviation than an aviation 
industry veteran? What may be normal behavior to an intelligence analyst may be a red flag to an 
airport manager, and vice versa. While ADIAC, which is a public—private partnership, goes deep, 
another public—private initiative, the “See Something—Say Something” program, intends to go 
wide. It was simply designed as a force multiplier by enlisting the public to report anything 
suspicious to law enforcement. The veracity of the program was demonstrated on May 1, 2010 
when New York street vendors and Vietnam veterans Lance Orton and Duane Jackson alerted 
security personnel of a smoking car that turned out to be a car bomb. They had no resources and 
no training; just heads on a swivel—seeing something and saying something. 

The myriad of resources available today, from the Transportation Security Inspectors of the 
TSA, to the aviation liaisons at the FBI assigned to every commercial service airport; to the 
fusion centers and local law enforcement, to the ADIAC; all are available to assist the airport 
professional with their security needs. These resources are for the asking and free of charge. 
Training or expertise is not required, merely common sense and a little bit of situational 
awareness. Every airport professional knows when something does not feel or look right; when a 
gate is left open or an unknown individual spends a lot of time taking photos of critical airport 


operating areas or aircraft. No one gets away anymore with only being interested in knowing how 
to fly the plane because landing it is not that important! Yet, there was a time when such a 
comment raised no more than an eyebrow. Getting involved is no longer an option but an 
imperative; it is no longer a voluntary exercise but a mandatory commitment. 
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The role of government in 
aviation security 


OBJECTIVES 


An essential responsibility for aviation security professionals is to understand and 
have a current working knowledge related to the functions of government in avia- 
tion security. This chapter introduces various roles and interactions that federal, 
state, and local government agencies have with airport security practitioners and 
other aviation-related law enforcement agencies. Readers will gain essential knowl- 
edge regarding the security functions of the Department of Homeland Security and 
the Transportation Security Administration. Special emphasis is placed on under- 
standing the development and implementation of transportation security regulations 
(TSRs) and other relevant forms of legislation. Students will gain an understanding 
of how government policy and regulations in aviation security affect the job 
responsibilities of various airport security personnel. Some security regulations are 
addressed in this chapter, while others relating directly to airport, aircraft operator, 
and air cargo security are addressed in their own chapters. 


INTRODUCTION 


The International Civil Aviation Organization recommends that each nation should 
have a national government organization charged with providing internal national 
security. For example, this type of national security agency in the United Kingdom 
is the Home Office, which has long handled a wide range of security responsibili- 
ties, including customs and immigration enforcement. In the United States, the 
Department of Homeland Security (DHS) is charged with providing internal 
national security for aviation, customs and immigration, the US president, specific 
federal facilities, and the US coastline. Protecting the homeland, however, is a 
responsibility that overlaps with numerous government agencies, including the 
Federal Bureau of Investigation (FBI), the Department of Defense (DOD), and the 
National Guard units, to name a few. Responding to major natural disasters or ter- 
rorist attacks is a security-related responsibility of the DHS, but again, many agen- 
cies engage resources to assist in this respect. The National Response Framework, 
formerly called the National Response Plan, outlines how the whole community of 
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responders (federal, state, local, and tribal) work together to prevent, protect, 
mitigate, respond to, and recover from natural and man-made disasters. 

As the regulating agency for US homeland security, the DHS oversees the 
US Transportation Security Administration (TSA). In turn, the TSA regulates 
transportation security, which includes rail, trucking, shipping, and aviation, in 
the United States. Since its establishment shortly after 9/11, the TSA’s primary 
focus has been aviation security; while attacks on rail and maritime systems 
are possible, aviation has remained the primary target. The TSA provides 
direction to airports and aircraft operators on compliance with federal regula- 
tions related to aviation security, embodied in Title 49, Part 1500, of the US 
Code of Federal Regulations. The regulations relate to airport and aircraft 
operator security, air cargo and general aviation (GA) security, and security 
for foreign air-carrier operations operating in the United States. The TSA also 
oversees airline and airport regulatory compliance and conducts the screening 
at US airports, either with their own personnel or contractors under the 
Screening Partnership Program. 

Before 9/11, the US Department of Transportation (DOT) through the 
Federal Aviation Administration (FAA) managed internal aviation security. 
The FAA employed a few hundred aviation security inspectors to oversee the 
security programs of airports and aircraft operators, with a director for civil 
aviation security in Washington, DC, and numerous civil aviation security 
field offices throughout the nation. At the TSA’s inception, the agency hired 
over 50,000 employees in its first 2 years of operation; most were screeners 
hired for passenger and baggage screening, and many former FAA security 
agents transferred to the TSA. Originally structured under the DOT, the TSA 
moved to the DHS in 2002 to insulate it from the lobbying pressures of the 
aviation industry and bring together those agencies charged with homeland 
security. 

Within the United States, each state has a department or division of trans- 
portation. Most also have a division of aeronautics focusing on aviation system 
planning and coordination of airport and airspace issues with the FAA. States 
can provide guidance and direction to airport operators and often provide fund- 
ing for airport capital improvement projects, independent of federal funding. 
Some states, such as Alaska, directly manage and operate their airports as part 
of the state transportation system, but this is the exception. Most airports are 
locally operated by a municipality or airport authority and managed by its 
employees. 


TRANSPORTATION SECURITY REGULATIONS 


After 9/11, the US federal aviation regulations governing aviation security 
were transferred to the TSA. These are now under Title 49 CFR, Part 1500—1562 
(currently, but can extend to 1699) Transportation Security Administration 
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Table 4.1 Overview of Transportation Security Regulations 
TSR Addressed in Chapter 
Subpart A: Administrative and procedural rules 


Part 1500, Applicability, Terms and Abbreviations 
Part 1502 Organization, Functions and Procedures 
Part 1508, Investigative Procedures and Enforcement 
Part 1507, Privacy Act Exemptions 

Part 1510, Passenger Civil Aviation Security Fees 
Part 1511, Aviation Security Infrastructure Fee 


Part 1515, Appeal and Waiver Procedures for Security Threat 
Assessments for Individuals 
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Subpart B: Security rules for all modes of transportation 


Part 1520, Protection of Sensitive Security Information 4 





Subpart C: Civil aviation security 


Part 1540, Civil Aviation Security: General Rules 
Part 1542, Airport Security (formerly FAR Part 107) 


Part 1544, Aircraft Operator Security: Air Carriers and 
Commercial Operators (formerly FAR Part 108) 


Part 1546, Foreign Air Carrier Security (formerly FAR 
Part 129) 


Part 1548, Indirect Air Carrier Security (formerly FAR 
Part 109) 


Part 1549, Certified Cargo Screening Program 


Part 1550, Aircraft Security Under General Operating and 
Flight Rules 


Part 1552, Flight Schools 
Part 1554, Aircraft Repair Station Security 
Part 1560, Secure Flight Program 


Part 1562, Operations in the Washington DC Metropolitan 
Area 
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Department of Homeland Security, Subparts A—C. They are listed in Table 4.1, 
along with their pre-9/11 counterparts, as applicable. These are sometimes 
referred to by their acronym, TSRs. 

The federal regulations can be found on government web sites, including 
www.ecfr.gov, so this section does not repeat verbatim the entire regulatory struc- 
ture. Instead, this section outlines key requirements and provides explanations 
when appropriate about the overall intent and application of certain regulations. 
Other regulations are addressed more fully in other chapters. Refer to the pub- 
lished regulations for more detailed requirements. 
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PART 1500: APPLICABILITY, TERMS, AND ABBREVIATIONS 


TSR Part 1500 contains general terms and abbreviations associated with TSRs. 
Some key terms include: 

Administrator means the Under Secretary of Transportation for Security iden- 
tified in 49 U.S.C. 114(b) who serves as the Administrator of the TSA. 

Person means an individual, corporation, company, association, firm, partner- 
ship, society, joint-stock company, or governmental authority. It includes a 
trustee, receiver, assignee, successor, or similar representative of any of them. 

TSRs mean the regulations issued by the Transportation Security 
Administration, in Title 49 of the Code of Federal Regulations, chapter XII, 
which includes Parts 1500 through 1699. 

TSA means the Transportation Security Administration. 

US, in a geographical sense, means the States of the United States, the District 
of Columbia, and territories and possessions of the United States, including the 
territorial sea and the overlying airspace. 


PART 1502: RESPONSIBILITIES OF THE ADMINISTRATOR 


Part 1502 gives the TSA Administrator the authority to carry out the duties of 
the position and to address the role of the Deputy Administrator. The Deputy is 
the “first assistant” and acts in the position of the Administrator in his or her 
absence. 


PART 1503: INVESTIGATIVE AND ENFORCEMENT PROCEDURES 


Part 1503 addresses the enforcement of TSRs and the process for opening and 
prosecuting a case against an individual or entity that may be in violation of the 
regulations. This section addresses reports made by the public of security pro- 
blems, deficiencies, or vulnerabilities, as well as when certain TSA personnel, 
such as a Transportation Security Inspectors (TSIs), initiate enforcement actions. 
Examples of such actions are: civil penalties assessed to an individual attempting 
to bring a weapon through a security screening checkpoint or an air carrier 
operator or airport operator who violates a section of the security program 
requirements. 

Part 1503 delegates the authority of the TSA Administrator to exercise and 
investigate issues of regulatory compliance to a variety of other individuals, 
including the TSA’s Chief Council, the Assistant Administrator for Inspections 
(and field TSIs), Federal Air Marshals (FAMs), and Federal Security Directors 
(FSDs). Note that Transportation Security Officers (TSOs) do not have the dele- 
gated authority to conduct or open investigations or to carry out enforcement 
actions. Enforcement actions are separated into Non-Civil Penalty Enforcement 
and Assessment of Civil Penalties. 
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Non-civil penalty enforcement 


Generally, if the TSA determines that a violation might have been committed, the 
TSA may take one of several actions. TSA inspectors may decide upon investiga- 
tion, that a violation did not take place; they may issue a “Warning Notice,” that 
recites available facts and information about the incident that may have been a 
violation; they may issue a “Letter of Correction,” that confirms the TSA’s deci- 
sion in the matter and state necessary corrective action the violator must take (or 
has agreed to take). Warning Notices and Letters of Correction are not subject to 
appeal. 


Assessment of civil penalties 


The TSA may initiate a civil penalty action by serving a Notice of Proposed Civil 
Penalty on the person (or entity, such as an air carrier or airport operator) charged 
with violating a TSA requirement. Prior to the issuance of a Notice, TSA person- 
nel can conduct an investigation of the incident through the Enforcement 
Investigative Report (EIR) process. The EIR is prepared by a TSA Inspector or 
other authorized agency official and details the results of an inspection or investi- 
gation of the alleged violation, including copies of any relevant evidence. Copies 
of certain elements of the EIR are sometimes made available to the alleged 
violator. 

The Notice of Proposed Civil Penalty contains a statement of the alleged facts; 
the statute, regulation, or order that was allegedly violated; the amount of the pro- 
posed civil penalty; and a certificate of service. The respondent must reply no 
later than 30 days after receipt, exercising one of the following options: 


1. Pay the fine by sending the TSA a certified check, or make payment 
electronically through http://www.pay.gov. 

2. Provide a written response to the TSA providing information and evidence, 
such as documents or witness statements, demonstrating that the regulation(s) 
were not violated or that the proposed penalty is unwarranted. 

3. Request a reduction to the civil penalty, which reflect a financial inability to 
pay or records showing that the fine would prevent the person (or entity) from 
continuing in business. 

4. Submit a written request for an Informal Conference to discuss the matter 
with the TSA’s designated attorney; any supporting evidence and information 
must be submitted to the attorney before the date of the conference. 

5. Submit to the TSA’s attorney and to the TSA’s Enforcement Docket Clerk a 
request for a Formal Hearing before an Administrative Law Judge (ALJ). 


Under Part 1503, a streamlined penalty process has been created for certain 
security violations. The TSA may serve Notice of Violation on individuals who 
violate a TSA requirement by attempting to bring a weapon, explosive, or incen- 
diary through screening at an airport or in checked baggage, when the amount of 
the proposed civil penalty is less than $5000. The Notice of Violation process, 
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however, still contains the right of the alleged violator to the above-listed options 
(ie, appeal, request for formal hearing.) 

Part 1503 is extensive and contains methods to request hearings, the rules of 
practice, including violation amounts in certain cases, the powers of the ALJ, and 
other related processes. Any individual or entity receiving the TSA Notice of 
Proposed Civil Penalty or Notice of Violation should review these regulations 
carefully. If found guilty of the violation outlined in the Notice of Proposed Civil 
Penalty, an individual or entity may be fined, or criminal prosecutions may also 
result. However, criminal penalties are addressed through federal, state, and local 
laws, not Part 1503. 

Fines are based on the nature of the violation and other variables, such as the 
experience of the violator with the aviation system. The TSA publishes an 
“Enforcement Guidance Sanction Policy” that fully articulates the various 
offenses, aggravating and mitigating factors, and the fine structure. This informa- 
tion is available on the TSA’s public web site. 

Violations are of minimum, moderate, or maximum severity. Each level has 
its own structure of fines depending on whether the offender is an individual, an 
airport operator, an aircraft operator, or a cargo agent. Fines per incident for air- 
craft operators range from $2500 for a minimum-level violation to up to $27,500 
for a maximum-level violation. Those for airports and cargo agents range from 
$1000 to $11,000 per incident, and fines for individuals range from $250 to 
$11,000 and higher, per incident. 

Aggravating and mitigating factors are considered in determining the level 
of fine, including the potential risk to security associated with the violation, the 
nature of the violation (inadvertent, deliberate, negligence), the individual’s or 
entity’s history of violations, the violator’s level of experience, and the attitude 
or disposition of the violator. The violator’s character or demeanor may also 
influence the way violations are handled. Table 4.2 lists some common 
violations. 

Aggravating factors in determining the severity of a violation for individuals 
include concealing a prohibited or illegal object; potential severity, type, or num- 
ber of weapons or explosives held illegally; and evidence of intent to interfere 
with or test the aviation security system. Mitigating factors may include voluntary 
disclosure, whether the violator is a juvenile, and whether other penalties have 
been assessed by civil or criminal courts. 

Aside from people attempting to bring prohibited items onto an aircraft, 
usually inadvertently, the most common violations stem from airport and air- 
craft operators who must uphold the regulatory standards of their security 
programs. These violations constitute a significant portion of those issued by 
the TSA. The TSA usually issues a violation after the TSA has brought the 
problem to the attention of the party for rectification and without an immedi- 
ate enforcement action. Enforcement actions result if the problem is repeated 
or is of such an egregious nature that immediate enforcement is deemed 
necessary. 


Table 4.2 Common Violations 


Individuals 


Entering sterile areas 
without being 
screened 


Failure to undergo 
secondary screening 
when directed 
Improperly entering 
security identification 
display areas (SIDAs) 
or airport operation 
areas (AOAs) 


Improper use of 
access media 


PART 1507—1515 





Airport 
Operators 


Failure to 
ensure airport 
security 
coordinator 
(ASC) fulfills 
duties 


Failure to train 
ASCs 


Failure to allow 
the TSA to 
inspect an 
airport 


Failure to carry 
out a security 
program 
requirement 
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Aircraft Operators 


Refusal to carry 
FAMs 


Failure to pay 
security fees 


Failure to prevent 
unauthorized access 
to secured area or 
to aircraft 


Failure to comply with 
requirements for 
carriage of an 
accessible weapon 
by an armed law 
enforcement officer 
(LEO) 
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Air Cargo 


Failure to produce a 
copy of the security 
program 


Failure to supply 
certification to the 
aircraft operator 


Failure to meet 
requirements for 
accepting cargo from 
an all-cargo carrier 
with an approved 
security program at a 
station(s) where cargo 
is accepted or 
processed 

Failure to transport 
cargo in locked or 
closely monitored 
vehicles 


Failure to notify the TSA of changes in the security program 


Parts 1507—1515 address a variety of administrative issues, including Privacy 
Act Exemptions, Passenger Civil Aviation Security Fees, the Aviation Security 
Infrastructure Fee, and Appeal and Waiver Procedures for Security Threat 
Assessments for Individuals. The Privacy Act Exemptions (Part 1507) protect cer- 
tain records and record-keeping systems from public disclosure, including The 
Transportation Security Enforcement Record System, which enables the TSA to 
maintain a system of records related to the screening of passengers and property. 
Additional records that are subject to protection are as follows: 


1. The Transportation Workers Employment Investigations System used for 
background checks on employees of transportation workers. 

2. The Personnel Background Investigation File System used for background 
checks on TSA personnel. 
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3. The Internal Investigation Record System includes records regarding 
investigations of allegations or appearances of misconduct of current or 
former TSA employees or contractors. 

4. The Correspondence and Matters Tracking Records, correspondence, 
inquiries, claims, and other matters presented to the TSA for disposition. 

5. The Freedom of Information and Privacy Act (FOIA/PA) Records System 
which enables the TSA to maintain records that will assist in processing 
access requests and administrative appeals under FOIA and access. 

6. The General Legal Records System maintains records used by TSA attorneys 
to perform their functions within the office of Chief Counsel, including legal 
advice, responses to claims filed by employees and others, records relating to 
litigation, and in the settlement of claims. 

7. The Federal Flight Deck Officer (FFDO) Record System, which includes 
records of FFDO applications, selection, training, and requalification of pilots. 

8. The Registered Traveler Operations Files contains records of prescreened 
volunteer travelers using advanced identification technologies and conducts a 
security threat assessment (STA) to ensure that the volunteer does not pose a 
security threat. ' 

9. The Transportation Security Intelligence Service (TSIS) Operations Files 
maintains records related to intelligence gathering activities that are used to 
identify and investigate or prevent violations of transportation security laws. 
TSIS also contains records relating to determinations about individuals’ 
qualifications, eligibility, or suitability for access to classified information. 

10. The Secure Flight Records system maintains records related to watch-list 
matching, for passengers and others entering an airport Sterile Area. 


Passenger Civil Aviation Security Fees (Part 1510) describes the imposition of 
security service fees on passengers traveling on a domestic or foreign air carrier. 
As of 2016, the fee structure is $5.60 per one-way trip or $11.20 for a round-trip. 
This fee is noted as the “September 11 Security Fee.” Fees are collected by the 
air carriers, for scheduled passenger or public charter operations in aircraft config- 
ured for more than 60 seats, or aircraft configured for less than 61 seats when 
enplaning from, or deplaning into, a sterile area. Fees are remitted to the TSA 
each calendar month, and air carriers must provide the TSA quarterly reports 
detailing the collection of the fees. 

The Aviation Security Infrastructure Fee (Part 1511) describes the imposition 
of fees on all domestic and foreign air carriers. From November 2001 through 
September 2014, the TSA imposed the fee on air carriers, equal to the cost of pas- 
senger and property screening in calendar year 2000 (the year prior to the creation 
of the TSA, which then took over screening functions). The authority to impose 
this fee was repealed on October 1, 2014. 





'Today, the TSA refers to the overall program as Risk-Based Security. Registered Traveler is now 
known as Precheck. 
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The Appeal and Waiver Procedures for Security Threat Assessments for 
Individuals (Part 1515) describes the process for individuals who have undergone 
an STA, which is necessary to obtain certain airport or air carrier credentials, and 
have received an Initial Determination of Threat Assessment or an Initial 
Determination of Threat Assessment with Immediate Revocation as a result of the 
assessment. This section also applies to air cargo personnel who work for certain 
aircraft operators, foreign air carriers, direct air carriers, or certified cargo screen- 
ing facilities. 


PART 1520: PROTECTION OF SENSITIVE SECURITY INFORMATION 


The Air Transportation Security Act of 1974 created the designation: Sensitive 
Security Information (SSI), which allows the FAA to share intelligence informa- 
tion with airport operators and air carriers. After 9/11, SSI was expanded to 
include all modes of transportation. SSI is information that, if publicly released, 
would be detrimental to transportation security, as defined in Part 1520. SSI fits 
into a category considered “sensitive but unclassified.” While SSI information 
does not meet the criteria for “classified” material, such as those materials used 
by the US military and federal government (notably “confidential,” “secret,” and 
“top secret”), SSI is not intended for public disclosure and therefore should not 
be publicly disseminated. 

SSI includes information obtained or developed in the conduct of security 
activities, including research and development, the disclosure of which would: 
(1) constitute an unwarranted invasion of privacy, including personnel or medical 
files; (2) reveal trade secrets or privileged or confidential information obtained 
from any person; or (3) be detrimental to transportation security. Examples of SSI 
that directly relate to aviation security include TSA-approved security programs, 
such as the Airport Security Program (ASP), the Aircraft Operator Standard 
Security Program, the Indirect Air Carrier (IAC) Standard Security Program, 
Security Directives (SDs), Information Circulars (ICs), technical specifications 
of security equipment, and vulnerability assessments. A complete list is below. 


Covered persons 

The rules governing the use and dissemination of SSI material apply to all regu- 
lated parties and anyone receiving SSI, generally known as Covered Persons. The 
TSA defines a Covered Person (related to aviation security) as: 


1. An airport operator (under Part 1542), an aircraft operator (under Part 1544), 
or certain fixed base operators and armed security officers (under Part 1562). 

2. An IAC or certified cargo screening facility (CCSF). 

3. A computer reservation system or global distribution system personnel 
handling airline passenger information. 

4. Those participating in a national or area security committee established 
under 46 U.S.C. 70112. 
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5. Industry trade associations that represent covered persons and have entered 

into a nondisclosure agreement with the DHS or DOT. 

6. Individuals and companies conducting research and development activities 
related to aviation and who are approved, accepted, funded, recommended, 
or directed by the DHS or DOT. 

. Each person who has access to SSI. 

8. Persons employed by, contracted to, or acting for a covered person, 
including a grantee of the DHS or DOT, and including a person formerly in 
such a position. 

9. Each person for which a vulnerability assessment has been directed, created, 
held, funded, or approved by the DOT, DHS, or that has prepared a 
vulnerability assessment that will be provided to the DOT or DHS in support 
of a Federal security program. 

10. Each person receiving SSI. 


Covered Persons also have a duty to notify the TSA (or DHS or DOT) when 
these individuals become aware that SSI has been released to unauthorized per- 
sons. SSI documents must be strictly controlled with distribution and dissemina- 
tion restricted to those with an operational “need to know.” Need to know” is 
addressed in 1520 and generally includes those requiring access to carry out trans- 
portation security activities, those training others to carry out such activities, those 
supervising or otherwise managing those carrying out transportation security 
activities, those needing to provide technical or legal advice to a covered person, 
or any individual who represents a covered person in connection with judicial or 
administrative proceedings. The TSA may make access to SSI contingent upon 
completing a security background check or other requirements. 

Items (7) and (10) above are particularly interesting as they typically include 
airport or air carrier employees, tenants, vendors, and contractors at airports or 
airlines. When one of the aforementioned is issued an SIDA badge, they must 
undergo SIDA training—certain elements of the SIDA training program are con- 
sidered SSI. All Covered Persons (those that have been entrusted with SSI) are 
required to safeguard that information and control it from unauthorized 
disclosure. 


~ 


Categories of SSI 


Violating Part 1520 may result in civil penalties or other enforcement action by 
the DHS. The individual may also be required to take corrective actions, such as 
retrieving the compromised information. The 16 categories of SSI, as related to 
aviation security, are as follows: 


1. Security programs and contingency plans (such as the ASP and the Aircraft 
Operator Standard Security Program). 
2. SDs. 





Reference 1520.11 for the exact definitions. 
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3. Performance specifications of equipment used in the detection process, such 
as screening technologies. 

4. ICs, which include information that is advisory in nature, about a potential 
threat, or contains suggested practices. 

5. Vulnerability assessments, created, funded, or approved by the DOT or DHS. 

6. Security inspection or investigative information (including incidents, 
violations, or inspections that might reveal a security vulnerability). 

7. Threat information concerning threats against aviation infrastructure, 
including cyber infrastructure. 

8. Security measures recommended by the Federal government, including air 
marshal, Armed Security Officer, and FFDO deployments. 

9. Security screening information (screening procedures, selection criteria, 
no-fly and selectee lists, security screener tests and results, performance data 
from screening equipment, electronic images on TSA-owned screening 
equipment). 

10. Security training materials (eg, SIDA training records). 

11. Identifying information of certain security personnel (individuals issued an 
SIDA badge, TSOs, FAMs, and FFDOs). 

12. Critical aviation infrastructure asset information (any list identifying systems 
or assets, physical or virtual, that is vital to the aviation system, which the 
incapacity or destruction of such would have a debilitating impact on 
transportation security). 

13. Systems security information, including any information involving the 
security of operational or administrative data systems operated by the federal 
government and critical to aviation security (including automated security 
procedures and systems). 

14. Confidential business information (bid information submitted to DHS or 
DOT, trade secret or commercial information, or financial information 
requested by DHS or DOT). 

15. Research and development. 

16. Other information not otherwise described that TSA determines is SSI. 


Note: even if only one sentence in a document or presentation includes SSI, 
every page must be marked as SSI. 


SSI handling requirements 


Paper records containing SSI must be conspicuously marked at the top and bot- 
tom with the Protective Marking: SENSITIVE SECURITY INFORMATION. The 
SSI record or document must also include a Distribution Limitation Statement at 
the bottom, which reads: 


WARNING: This record contains Sensitive Security Information that is con- 
trolled under 49 CFR parts 15 and 1520. No part of this record may be dis- 
closed to persons without a “need to know,” as defined in 49 CFR parts 15 
and 1520, except with the written permission of the Administrator of the 
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Transportation Security Administration or the Secretary of Transportation. 
Unauthorized release may result in civil penalty or other action. For U.S. gov- 
ernment agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR 
parts 15 and 1520.° 


The outside of any front and back cover, including binders or folders, any title 
pages and each page of the document must also contain the Protective Marking 
and the Distribution Limitation Statement. Nonpaper records containing SSI, such 
as films, video, or audio recordings, and electronic and magnetic records, must be 
clearly and conspicuously marked with the Protective Marking and the 
Distribution Limitation Statement so the viewer or listener is reasonably likely to 
see or hear them. SSI must be secured when not in use, either locked in a file cab- 
inet, or if stored electronically, password protected. 

Once SSI is no longer needed and it is appropriate to destroy the record, the 
record must be completely destroyed to preclude recognition or reconstruction of 
the information. Often, State and local governments or entities have different 
record retention requirements than the Federal government. Part 1520 does not 
require personnel to destroy SSI that is required to be retained or preserved by a 
State or local government. 


Managing SSI 

Airport and aircraft operator security personnel often must disseminate informa- 
tion contained in TSA-issued SDs, or within their own security programs, all of 
which are considered SSI, so it is essential that personnel understand the dissemi- 
nation, marking, and control standards for SSI. The TSA publishes two handouts 
covering best practices for both DHS and non-DHS employees and contractors 
handling SSI. Current versions are usually available on the TSA web site (the bro- 
chures themselves are not SSI). 

Determining the distribution of a security program or an SD can be politically 
sensitive for the security manager. Individuals within an airport or air carrier gov- 
erning structure or senior management outside of the operations or security 
departments may feel they should have a copy of the document, although they do 
not have a valid need for it. Overall, security practitioners should, to the extent 
possible, limit the distribution of any SSI document. Distribution becomes more 
challenging with the ASP, which is periodically updated or amended. Updates 
require the outdated information to be removed, accounted for, or destroyed, and 
the new information to be input into each issued copy of the ASP. Typically, the 
airport director, airport operations manager, and security and law enforcement 
personnel receive copies of the ASP. Air carrier station managers may also 
receive a copy of the complete ASP. If there is an update to an SSI document 





ĉIndividuals handling SSI must know the current rules, proper markings, and the most current 
Distribution Limitation Statement, so the information here is listed for reference only, not to be 
taken as the complete word on the subject. Always reference Title 49 CFR Part 1520 and any 
related SDs for the most up to date requirements on the protection and handling of SSI. 
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such as an ASP, the original copies should be returned to the security manager 
for destruction, usually via shredding or controlled burning. 

Other airport tenants, vendors, and contractors should receive a desensitized 
version of the ASP. These edited ASP documents are sometimes referred to as 
participant manuals or tenant manuals. Participant Manuals include non-SSI 
information about the ASP important to airport tenants, vendors, and contrac- 
tors, such as the processes for filling out airport ID badge applications, key 
points-of-contact for airport security, operations, and law enforcement person- 
nel, hours of operation for the security badging office; and procedures for delet- 
ing an employee’s access from the security system when one of their employees 
no longer works for the company are typical topics included in the participant 
manual. A Participant Manual allows for more efficiency at the badging office 
and reduces the number of SSI documents. In some cases, a security manager 
may ask a tenant, air carrier, contractor, or other individual to whom they are 
releasing SSI, to sign a current version, of the DHS Nondisclosure Form 
11000-6. When an SD is issued, often it contains data meant for multiple audi- 
ences, such as airport police, the badging or credentialing staff, airport opera- 
tions personnel, and others. 

Since SSI can only be distributed to those with a need to know, it would not 
be appropriate nor authorized in many cases, to distribute an entire SD to all par- 
ties with requirements under the SD. To then properly disseminate the SSI data 
within an SD, the airport or aircraft operator security manager often will create 
their own SSI memorandums, including only the information applicable from the 
SD, to each individual work group (ie, police, badging office). 

Most SSI data that airports and air carriers receive comes from the TSA or is 
approved by the federal government, and the Federal Security Manager has final 
authority regarding SSI. Any questions regarding the distribution or handling of 
SSI should be directed to the FSD or senior TSA regulatory officer. 


PART 1540: CIVIL AVIATION SECURITY: GENERAL RULES 


Prior to 9/11, the regulated agencies in aviation security included airports and 
domestic air carriers, foreign air carriers with service to the United States, and 
IACs (cargo shippers). However, there was not a specific regulation that 
addressed individuals within the aviation security system, such as employees of 
airports, airlines, contractors and vendors, other tenants at the airport, and passen- 
gers or others that may come into contact with an element of civil aviation secu- 
rity. Title 49 CFR Part 1540 Civil Aviation Security: General Rules was created 
to fill this gap, by incorporating the notion of individual accountability into the 
system. Part 1540 includes many of the definitions that are used throughout the 
aviation security regulations, addresses the responsibilities of passengers and 
other individuals and persons (sic), the process of the STA and responsibilities of 
entities holding a TSA-approved security program. 
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Definitions under Part 1540.5 


1. 


10. 


11. 


12. 


AOA means a portion of an airport, specified in the ASP, in which security 
measures specified in this part are carried out. This area includes aircraft 
movement areas, aircraft parking areas, loading ramps, and safety areas, for 
use by aircraft regulated under 49 CFR part 1544 or 1546, and any adjacent 
areas (such as GA areas) that are not separated by adequate security systems, 
measures, or procedures. This area does not include the secured area. 


. Aircraft operator means a person who uses, causes to be used, or authorizes 


to be used an aircraft, with or without the right of legal control (as owner, 
lessee, or otherwise), for the purpose of air navigation, including the piloting 
of aircraft, or on any part of the surface of an airport. In specific parts or 
sections of this subchapter, aircraft operator is used to refer to specific types 
of operators as described in those parts or sections. 


. Airport operator means a person who operates an airport serving an aircraft 


operator or a foreign air carrier required to have a security program under 
part 1544 or 1546 of this chapter. 

ASP means a security program approved by the TSA under §1542.101 of this 
chapter. 


. Airport tenant means any person, other than an aircraft operator or foreign 


air carrier, who has a security program under part 1544 or 1546 of this 
chapter, who has an agreement with the airport operator to conduct business 
on airport property. 


. Airport tenant security program means the agreement between the airport 


operator and an airport tenant that specifies the measures by which the 
tenant will perform security functions, and approved by the TSA, under 
§1542.113 of this chapter. 


. Approved, unless used with reference to another person, means approved by 


the TSA. 

Cargo means property tendered for air transportation accounted for on an air 
waybill. All accompanied commercial courier consignments, whether or not 
accounted for on an air waybill, are also classified as cargo. Aircraft 
operator security programs further define the term “cargo.” 

CCSF means a facility certified by the TSA to screen air cargo in 
accordance with part 1549. As used in this subchapter, CCSF refers to the 
legal entity that operates a CCSF at a particular location. 

Certified cargo screening program means the program under which facilities 
are authorized to screen cargo to be offered for transport on certain 
passenger aircraft in accordance with 49 CFR part 1549. 

Checked baggage means property tendered by or on behalf of a passenger 
and accepted by an aircraft operator for transport, which is inaccessible to 
passengers during flight. Accompanied commercial courier consignments are 
not classified as checked baggage. 

Escort means to accompany or monitor the activities of an individual who does 
not have unescorted access authority into or within a secured area or SIDA. 


13. 


14. 


15. 
16. 


17. 


18. 


19. 


20. 


21. 
22. 


23. 
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Exclusive area means any portion of a secured area, AOA, or SIDA, 
including individual access points, for which an aircraft operator or foreign 
air carrier that has a security program under part 1544 or 1546 of this 
chapter has assumed responsibility under §1542.111 of this chapter. 
Exclusive area agreement means an agreement between the airport operator 
and an aircraft operator or a foreign air carrier that has a security program 
under part 1544 or 1546 of this chapter that permits such an aircraft operator 
or foreign air carrier to assume responsibility for specified security measures 
in accordance with §1542.111 of this chapter. 

FAA means the Federal Aviation Administration. 

Flight crew member means a pilot, flight engineer, or flight navigator 

assigned to duty in an aircraft during flight time. 

IAC means any person or entity within the United States not in possession of 

an FAA air carrier operating certificate, who undertakes to engage indirectly 

in air transportation of property, and uses for all or any part of such 
transportation the services of an air carrier. This definition does not include 
the US Postal Service (USPS) or its representative while acting on the behalf 
of the USPS. 

Loaded firearm means a firearm that has a live round of ammunition, or any 

component thereof, in the chamber or cylinder or in a magazine inserted in 

the firearm. 

Passenger seating configuration means the total maximum number of seats 

for which the aircraft is type certificated that can be made available for 

passenger use aboard a flight, regardless of the number of seats actually 

installed, and includes that seat in certain aircraft that may be used by a 

representative of the FAA to conduct flight checks but is available for 

revenue purposes on other occasions. 

Private charter means any aircraft operator flight— 

a. For which the charterer engages the total passenger capacity of the 
aircraft for the carriage of passengers; the passengers are invited by the 
charterer; the cost of the flight is borne entirely by the charterer and not 
directly or indirectly by any individual passenger; and the flight is not 
advertised to the public, in any way, to solicit passengers. 

b. For which the total passenger capacity of the aircraft is used for the 
purpose of civilian or military air movement conducted under contract 
with the Government of the United States or the government of a foreign 
country. 

Public charter means any charter flight that is not a private charter. 

Scheduled passenger operation means an air transportation operation 

(a flight) from identified air terminals at a set time, which is available to the 

public and announced by timetable or schedule, published in a newspaper, 

magazine, or other advertising medium. 

Screening function means the inspection of individuals and property for 

weapons, explosives, and incendiaries. 
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24. Screening location means each site at which individuals or property are 
inspected for the presence of weapons, explosives, or incendiaries. 

25. Secured area means a portion of an airport, specified in the ASP, in which 
certain security measures specified in part 1542 of this chapter are carried 
out. This area is where aircraft operators and foreign air carriers that have a 
security program under part 1544 or 1546 of this chapter enplane and 
deplane passengers and sort and load baggage and any adjacent areas that 
are not separated by adequate security measures. 

26. SIDA means a portion of an airport, specified in the ASP, in which security 
measures specified in this part are carried out. This area includes the secured 
area and may include other areas of the airport. 

27. Standard security program means a security program issued by the TSA that 
serves as a baseline for a particular type of operator. If the TSA has issued a 
standard security program for a particular type of operator, unless otherwise 
authorized by the TSA, each operator’s security program consists of the 
standard security program together with any amendments and alternative 
procedures approved or accepted by the TSA. 

28. Sterile area means a portion of an airport defined in the ASP that provides 
passengers access to boarding aircraft and to which the access generally is 
controlled by the TSA or by an aircraft operator under part 1544 of this 
chapter or a foreign air carrier under part 1546 of this chapter, through the 
screening of persons and property. 

29. Unescorted access authority means the authority granted by an airport 
operator, an aircraft operator, a foreign air carrier, or an airport tenant under 
part 1542, 1544, or 1546 of this chapter, to individuals to gain entry to, and 
be present without an escort in, secured areas and SIDA’s of airports. 

30. Unescorted access to cargo means the authority granted by an aircraft 
operator or IAC to individuals to have access to air cargo without an 
escort. 


Responsibilities of passengers and other individuals and persons 


Part 1540.103 Fraud and intentional falsification of records prohibits individuals 
who apply for a credential that allows access to a security area from falsifying an 
application or any other record related to the issuance of access credentials. False 
entries in records required to be kept by the TSA to demonstrate compliance with 
a regulation, or reproduction or alteration of any report, record, security program, 
access medium, or identification medium issued under this subchapter, is also 
prohibited. It is a violation under this section to falsify airport or air carrier access 
media, including affixing stickers or personal mementos to identification badges. 
In order to receive airport access media, applicants must provide Personally 
Identifiable Information to the Airport or Aircraft Operator. Aircraft Operators 
must also attest to the airport or Aircraft Operator that an applicant has passed a 
fingerprint-based CHRC and is authorized to receive airport access/ID media for 
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airline employees based at the airport.* Pre-9/11, FAA investigations discovered 
two disturbing trends: 


1. Applicants would willingly provide false information (usually illegal aliens 
who were not authorized to work in the United States) so that they could 
receive airport access/ID media. 

2. Tenants and some air carriers would falsely verify that the background check” 
had been conducted on their employees, when in fact it was not. 


Unfortunately, post-9/11, neither of these trends has completely gone away. 
The TSA issued an SD in 2007 on this practice, and airports are now required to 
review the passports or birth certificates of applicants before issuing such media. 
Some airports have contracted identity verification out to private companies, and 
in many cases, CBP personnel will provide training to airport access control 
office/badging personnel in the identification of fraudulent documents. 

Part 1540.105 Security responsibilities of employees and other persons 
requires travelers and aviation employees to conform to certain security regula- 
tions. The regulation prohibits individuals from tampering with airport security 
systems or illegally entering airport security areas, or tampering, interfering, 
compromising, modifying, or circumventing any security system, measure, or pro- 
cedure. A violation of this sort might be a maintenance person working on or 
near a security access control door who, without permission, props the door open 
to facilitate work. Intentionally violating a security regulation or policy to test the 
system is authorized when the individual is acting in accordance with the security 
program. Authority to test security systems extends only to TSA security inspec- 
tors and those designated in the ASP or Aircraft Operator Standard Security 
Program. Other individuals who may possess an approved airport or airline identi- 
fication badge, including TSOs (ie, TSA screeners) and flight crew members, are 
not authorized to test security programs unless specifically approved by the secu- 
rity coordinator or director, who is responsible for the program being tested. 

The public, including the media, may not violate security policies and practices 
and claim immunity by declaring they were conducting a test of the security system. 
Sometimes, the federal government may use other personnel such as red team? mem- 
bers, employees from the DHS Office of the Inspector General, and other personnel 
under contract to the airport or aircraft operator to conduct vulnerability assessments, 
in which case the ASC may amend the ASP to include these individuals. 

There have been occurrences of airport, airline, or government personnel who 
have violated security measures by believing that security protocols should not apply 





“The Airport Operator can decide whether to accept the results of the check (or to conduct its own 
check), before issuing the access/ID media. 

°A pre-9/11 process known as the Access Investigation. The process has since been eliminated 
from the regulations, but some airports still require it. 

Red teaming is an industry term for inspections and tests conducted outside of the normal testing 
parameters using tactics more in-line with those of a criminal or terrorist. 
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to them. These people, when caught, often use a “testing the system” statement as a 
defense. This is akin to an off-duty police officer declaring to an on-duty officer who 
has pulled him or her over for speeding that he or she was just “testing” the other 
officer. These situations have occurred with enough frequency to cause valid security 
concerns. Security systems can become weakened or fail if employees are exempted 
from following security measures. Also, during the active shooter incident at Los 
Angeles International Airport in 2013, thousands of passengers pushed through fire 
alarmed access doors and ran into the security areas on the airfield. In such extreme 
circumstances, the priority to preserve one’s life typically justifies the violation of 
the regulation. Certain rules can be, for all intents and purposes, temporarily set aside 
during a general evacuation or escape, for life-safety purposes. 

Part 1540.107 Submission to screening and inspection requires individuals to 
submit to screening before entering sterile areas, as well as to present a document 
to verify their identity, and provide their full name, date of birth, and gender. This 
requirement applies to passengers and aviation employees who access sterile areas 
through screening checkpoints. While the regulation specifically requires identifi- 
cation to access a security screening checkpoint, the TSA has made exceptions, 
particularly in cases when an individual may have lost their identifying document, 
such as driver’s license or passport, while travelling. In 2016, the TSA issued a 
Final Rule that requires passengers to undergo screening using advanced imaging 
technology (AIT) at security screening checkpoints. While the rule allows the TSA 
to require a passenger to use the AIT, it leaves some discretion to the TSO as to 
whether to allow a pat-down or to require the AIT screening process. 

Part 1540.109 Prohibition against interference with screening personnel protects 
against interference with screening personnel in the performance of their duties. 

Part 1540.111 Carriage of weapons, explosives, and incendiaries by indivi- 
duals addresses the prohibitions and requirements for carrying certain items on 
board an aircraft or into the Sterile Area. Unless otherwise authorized, no person 
may have a weapon, explosive, or incendiary on or about the individual’s person 
or accessible property, when (1) performance has begun of the inspection of the 
individual’s person or accessible property before entering a sterile area, or before 
boarding an aircraft for which screening is conducted; (2) when the individual is 
entering or in a sterile area; or (3) when the individual is attempting to board or 
is onboard an aircraft for which screening is conducted. 

Weapons may be carried by LEOs as part of the performance of their official 
duties. Passengers can transport weapons in checked baggage, provided declared 
to the aircraft operator prior to checking the bag, it is unloaded and contained a 
hard-sided container which is locked (with a TSA-approved locks’) and for which 





7After 9/11, several companies began selling locks that include a universal access key lock in addi- 
tion to the user’s key or combination lock. TSA screening personnel have the universal access keys 
for the locks and thus may access an individual’s bag without compromising the user’s lock, but in 
2015 an individual uploaded a photo of the TSA master keys, thus enabling some individuals with 
3D printers to duplicate the keys. 
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only the passenger retains the key or combination. Ammunition may be carried 
based on air carrier policies and there are often additional airline policies that 
address the transport of firearms in checked baggage. Typically, the firearm is 
inspected by a TSO at the ticket counter, before the container is locked and 
placed into the baggage system. Before 9/11, some airlines would place large red 
identifying stickers on the outside of firearm cases, as a safety precaution, but it 
also identified the container as firearm, making it easy to steal. 

It is a violation to have a prohibited item, once screening has begun, while in 
sterile areas or when attempting to board or be onboard an aircraft. Airport 
screening formally began when an individual’s carry-on bags entered the X-ray 
machine or when the individual steps into the metal detector, AIT, or other 
approved screening device. However, with the deployment of TSA Behavior 
Detection Officers (BDOs), there is some debate as to when screening officially 
begins, since the BDOs normally operate in the public areas of the terminal build- 
ing. Additionally, there is also some debate whether screening officially begins at 
the travel document stations where TSA personnel check the identification of pas- 
sengers and their boarding documents. A final definition has not been clarified, 
but TSA has encouraged airports to post signs throughout the public areas warn- 
ing individuals that they may be subject to screening. There was also debate at 
some airports where local concealed or open-carry weapons laws lawfully allowed 
the carriage of weapons in the public areas of a government facility, including air- 
ports, which has created more questions about where screening lawfully begins 
and when does an individual voluntarily submit to a screening process. 

It is necessarily redundant to have restrictions regarding prohibited items 
when going through screening, in sterile areas, during boarding, or while on an 
aircraft. There are small commercial service aircraft operations and airports in the 
United States (mostly small communities in Alaska) where flights are not 
screened and where sterile areas do not exist. Therefore, the regulation extends to 
cover these types of airports by prohibiting the possession of a prohibited item 
while boarding or onboard any aircraft. 

Part 1540.113 Inspection of airman certificate requires any individual who 
holds an airman certificate, FAA medical certificate, authorization, or license 
issued by the FAA, must present it for inspection upon a request from TSA. 
Specifically, the request must come from a TSI, Assistant Federal Security 
Director (AFSD), FSD, or similarly authorized individual. TSOs (ie, screeners) 
are not authorized to demand that a pilot present their airman certificate for 
inspection. Also note that the regulation only requires the pilot to present for 
inspection. It does not give the TSA employee the right to confiscate or even 
touch the airman certificate. Pilots are very reluctant to surrender their airmen 
certificates and medical certificates to anyone other than an authorized Flight 
Standards District Officer (FSDO), acting in an official capacity.” Confiscating a 





Even in the case of an FSDO employee attempting to confiscate an airman’s medical or pilot 
certificate, many pilots will still refuse and in some cases, leave the airport and call their attorney. 
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pilot or medical certificate effectively “grounds” the pilot from flying, until the 
documentation is back in their physical possession. If TSA, the police or air car- 
rier or airport operator believes there is a threat to aviation security presented by 
an individual who is refusing to hand over their pilot documentation, then other 
measures can be taken to prevent the individual from accessing the airfield or an 
aircraft, while FSDO is notified and can respond. 

This rule closes a gap, particularly in the case of GA aircraft operators and air 
cargo operators, many of whom do not have airport access media for a commer- 
cial service airport. Additionally, the requirement of pilots to carry some form of 
government issued photo ID has aided inspectors in this area, and some newer 
pilot certificates feature the pilot’s photo on the certificate. 

Part 1540.115 Threat assessments regarding citizens of the United States 
holding or applying for FAA certificates, ratings, or authorizations applies to 
individuals applying for an airman certificate or rating from the FAA. An unfortu- 
nate occurrence related to 9/11, is that the hijackers who took over the flight deck 
were trained here in the United States, at US flight schools. At the time there 
were no requirements for individuals to submit any information to the US govern- 
ment, other than that required to be submitted on their aviation medical applica- 
tion, and the application for the appropriate certificate or rating. In neither case 
was the information regularly vetted by law enforcement or intelligence agencies. 

Now, when an individual begins flight training or increases their certifications 
or ratings, an STA is conducted to determine if the individual is a threat to air 
transportation or national security, presents a threat of air piracy or terrorism, a 
threat to airline, passenger, or civil aviation security. 

Part 1540.117 Threat assessments regarding aliens holding or applying for 
FAA certificates, ratings, or authorizations applies to individuals who are not citi- 
zens of the United States but hold or desire to earn an airman certificate or rating, 
but undergo both an STA and a Criminal History Record Check. However, the 
requirement for the criminal history record check falls under a different aviation 
security regulation (1552). Part 1540.117 only requires the STA. 


Security threat assessments 


Parts 1540.201, .203, .205, and .209 address the requirements of STAs, for vari- 
ous circumstances. Predominantly, STAs are conducted for individuals applying 
for access media to an airport’s Security Areas. STAs are conducted to determine 
if the individual is a threat to transportation or national security, presents a threat 
of air piracy or terrorism, or a threat to airline, passenger, or civil aviation secu- 
rity. STAs must be performed for domestic and foreign aircraft operators, [AC 
personnel including those working at a CCSF that is authorized to perform or 
supervise cargo screening. Note that the STA requirement for airport operators to 
issue access media (ie, to tenants, vendors, and contractors working in airport 
security areas) is not included in this regulation. The rules requiring STAs for the 
issuance of airport access media are addressed in an SD and not available to the 
public. There have been numerous changes to the entire credentialing process for 
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airport issued access media over the past several years, which may be the reason 
final rules have not yet been adopted. Fundamentally, the STA process for 
airports is similar to the process for air carriers and other entities listed in 
Part 1540.201. 

The STA includes an intelligence-related check and a final disposition. Under 
the intelligence-related check, the applicants identifying information is reviewed, 
and a search of domestic and international government databases is conducted. 
An applicant poses a security threat when TSA determines that he or she is 
known to pose or is suspected of posing a threat to national or transportation 
security, or is suspected of terrorism or terrorist-related activities. If the STA indi- 
cates an applicant has an outstanding want or warrant, or is a deportable alien, 
TSA will send the applicant’s information to the appropriate law enforcement or 
immigration agency. An STA will result in either: 


1. A Determination of No Security Threat, meaning the individual has passed the 
STA. 

2. An Initial Determination of Threat Assessment, which will include a 
statement that TSA has determined that the applicant is suspected of posing or 
poses a security threat. Additional information along with an appeals process 
is also described in the notification. 

3. An Initial Determination of Threat Assessment and Immediate Revocation if 
TSA determines that the applicant does not meet the STA standards and may 
pose an imminent threat to transportation or national security, or of terrorism. 
Since the TSA periodically conducts STA’s on individuals who have already 
cleared the process, or they may already hold access media from other 
airports or aircraft operators, there are situations where the applicant is denied 
clearance and must have their existing access media immediately revoked. 


If the applicant does not appeal the Initial Determination of Threat 
Assessment or Initial Determination of Threat Assessment and Immediate 
Revocation, or if TSA does not grant the appeal, TSA serves a Final 
Determination of Threat Assessment on the individual and the applicant, in which 
case they are not authorized to receive access media. 


Responsibilities of holders of TSA-approved security programs 


Part 1540.301 Withdrawal of approval of a security program gives the TSA the 
authority to withdraw the approval of a security program (Airport, Aircraft 
Operator, IAC, etc.), and if the TSA determines continued operation is contrary 
to security and the public interest. TSA will serve a Notice of Proposed 
Withdrawal of Approval, which notifies the holder of the security program, in 
writing, of the facts, charges, and applicable law, regulation, or order that form 
the basis of the determination. The operator has a right to petition for reconsidera- 
tion for 15 days after being served with the withdrawal notice. TSA can also 
effect an Emergency Withdrawal, if TSA finds that there is an emergency 
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involving aviation security that requires immediate action that makes carrying out 
the normal withdrawal procedures contrary to the public interest. 

Withdrawing the approval of a security program is an extraordinarily rare proce- 
dure and only happens in extreme situations. The withdrawal of a security program 
would effectively shut down a commercial service airport, so any airport operator 
receiving a Withdrawal notice would have likely had a series of TSA Letters of 
Investigation and fines, prior to the Withdrawal, or has had simmering security issues 
that are critical, but have gone unnoticed for a lengthy period of time. 


How regulations are changed 

Regulations related to aviation security are generally initiated through laws passed 
by Congress, such as the Aviation and Transportation Security Act of 2001. A 
government agency then drafts the regulations with or without public comment. 
In the case of the TSRs passed after 9/11, there was little chance for public com- 
ment, but the majority of the security regulations were already in place under the 
jurisdiction of the FAA. Once in place, there are several ways that the federal 
government can change the regulations and policies related to aviation security. 
These include SDs, notices of proposed rulemaking, and amendments to airport 
and air carrier security programs. 


NOTICE OF PROPOSED RULEMAKING 


Besides the passage of laws, regulations are changed through the notice of pro- 
posed rulemaking (NPRM). The TSA drafts then issues a proposed rule to the US 
Office of Management and Budget (OMB) for approval. If the OMB approves, 
then the rule is published in the Federal Register, a public document that 
describes what the US federal government intends to do or is doing. The listing in 
the Federal Register provides a specified period for public comment.’ After the 
TSA has received the comments and the comment period has ended, the agency 
will make modifications (if deemed necessary), then publish the final rule in the 
Federal Register. When a proposed regulation is published a second time in the 
Federal Register, it becomes law. 

In emergencies, regulations can be drafted and immediately implemented. The 
temporary flight restrictions used by the federal government throughout the 
United States after 9/11 is an example of an emergency rulemaking. The benefit 
of the NPRM process is that it allows for input from an industry before making a 
regulation statutory, providing opportunity for feedback to proposed rules. This 
enhances the usefulness and viability of the proposed regulation. 





°Often, industry organizations play a significant role in this phase of the rulemaking process as the 
organizations represent large memberships. 
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CHANGING AN AIRPORT OR AIRCRAFT OPERATOR SECURITY 
PROGRAM 


Because of the changing nature of the aviation industry, airport operators and fed- 
eral officials may be required to change an airport or air carrier security program. 
These programs are generally changed through a permanent or temporary amend- 
ment to an ASP, which can be initiated by the regulated party (airport or airline) 
or the TSA, a notice of a changed condition that affects security, or an SD issued 
by the TSA. 

US Regulation Part 1542.105 Approval and Amendments addresses the meth- 
ods for amending an ASP. Amendments are generally permanent changes to the 
program versus a “changed condition affecting security,” which is usually a tem- 
porary condition. 

Many factors can cause an airport or air carrier to change its federally 
approved security programs. Airfield construction, new security threats, intelli- 
gence pointing to a potential attack on aviation, staffing problems at an airport, 
maintenance issues on airport and air carrier security systems, and even natural 
disasters can result in changes to security programs. 

An airport or air carrier operator uses an amendment when the operator desires 
to include formally a new process in its approved security program. Amendments 
are often in response to changing systems, measures, or procedures, such as the 
format of the airport’s access control system or badging system; the addition of 
new air carriers or access gates; changes to the geographical boundaries of the 
security areas; an appointment of a new ASC; or changes to the law enforcement 
requirements, contingency plans, or incident management procedures. 

If an airport or air carrier desires to amend its ASP, it will draft the proposed 
change and then provide it to the TSA at least 45 days before the effective date. 
The TSA needs this time to review the proposed change(s) and any potential 
effects the change will have to the overall security posture. The TSA must 
respond within 30 days of receiving the proposed amendment, either by accepting 
or denying it. If denied, the operator has 30 days to appeal.'° On occasion, airport 
and air carrier operators draft temporary amendments not intended to become part 
of the permanent ASP—for example, for airfield construction or emergency 
exercises. 

During airfield construction, airport operators may be required to remove parts 
of the perimeter fence, install temporary access gates, employ temporary person- 
nel to control airfield access, and allow contractors to hire personnel who might 
not undergo required airport badging. These changes would clearly not be allowed 
under an ASP, so the airport operator will endeavor to create an amendment con- 
sisting of alternative procedures and demonstrate that the security of the airport 





10As a best practice, when the ASC desires to amend the ASP, he or she commonly will hold 
discussions with the TSA to address any questions or concerns before formally submitting the 
amendment. 
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can be maintained. Alternatives may include allowing individuals to be escorted 
by badged personnel, who must stay onsite at all times construction is occurring. 
Another alternative is to cordon off the construction site using temporary fencing 
to deter nonbadged individuals from accessing the security areas. 

Emergency exercises are another reason for a temporary amendment. During 
many aircraft emergency exercises, there are dozens and sometimes hundreds of 
volunteers and participants who do not have badged access authority. For this sit- 
uation, the security coordinator may exclude part of the airfield from the other 
airport security areas for the duration of the exercise. The security coordinator 
must demonstrate in the amendment how the security of the remaining security 
areas will be maintained and how the exercise area will be restored to a secure 
condition after the exercise is complete. 

The amendment process does not prohibit airport or air carrier operators from 
increasing their own security measures in response to imminent threats. An opera- 
tor may add security measures without including them into the ASP. In fact, 
many airport and air carrier operators draft security programs to meet the mini- 
mum standards that the TSA will allow, but then exceed the standard in actual 
operating practices. Airports and airlines often want to meet higher security stan- 
dards but understand that any system, measure, or procedure approved as part of 
their TSA-approved security program must be adhered to or the entity is in poten- 
tial violation and may be fined for noncompliance. 

If the TSA wants to amend an operator’s security program, the operator has 
30 days to comment on the proposed amendment. After this time, the TSA imple- 
ments or rescinds the amendment. The amendment is good until it expires. The 
operator may appeal the amendment but must comply with the requirements and 
conditions of the amendment during the appeal. This type of amendment is gener- 
ally not done to address an imminent threat but more a potential weakness in the 
system that could be eventually exploited. 

Although many amendments pertain only to one airport, some TSA amend- 
ments apply to all security programs at all regulated entities. In 2007, the TSA 
attempted to issue an amendment to incorporate all of the procedures required in 
all of its previously issued SDs. The amendment also included additional proce- 
dures and was met with resistance from airport and air carrier operators. The TSA 
rescinded the proposed amendment later that year. 

In the 25 years preceding 9/11, there were a handful of significant amendments 
to aviation security regulations. When the federal aviation regulations pertaining to 
security were transferred to the TSA, many of FAA amendments, which had never 
been formalized into regulations, were incorporated into the new TSRs. A few old- 
er FAA amendments were not embodied in the TSRs but remain in effect, includ- 
ing preventing the use of public storage lockers in nonsterile areas, requiring 
airport operators to continuously notify travelers not to leave baggage unattended, 
and requiring ASCs to coordinate security efforts with air carriers. 

The TSA can also issue emergency amendments to security programs. An 
emergency amendment is issued when there “is an emergency requiring 
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immediate action with respect to safety and security in air transportation or in air 
commerce that makes procedures in this section contrary to the public interest,” 
which allows an airport no review time and must be implemented when the TSA 
specifies (Part 1542.105(d)). Again, the airport may appeal the emergency amend- 
ment but must comply with its requirements and conditions in the meantime. 


CHANGED CONDITION AFFECTING SECURITY 


Airports are dynamic environments, and security challenges and changes can be 
frequent, particularly at larger airports. Access control doors go out of service, 
vehicle gates malfunction, and people inadvertently enter the security areas. For 
some of these incidents, such as a breach of security, the airport operator initiates 
the appropriate law enforcement response (if necessary) and notifies the TSA 
immediately. A changed condition occurs when a gate goes out of service, or 
some other condition on the airport changes, causing a different condition to exist 
than what is described in the ASP. A changed condition affecting security (Part 
1542.107) occurs when a security problem causes an airport or air carrier to go 
out of compliance with its security program and temporary measures cannot be 
implemented to maintain it at the level called for in the ASP. For instance, if the 
number of LEOs available at an airport is reduced, such as might happen when 
police officers are supplied by a municipality and the municipality decides to 
reduce the number to below that required in the ASP. Under the regulations, the 
airport operator must notify the TSA verbally within 6 hours of the change and 
by written notice within 72 hours. The ASC must submit an amendment to the 
TSA within 30 days if the changed condition is projected to continue for more 
than 60 days.'' The airport must also advise the TSA of actions taken to ensure 
that the same level of security is maintained during the change, along with a date 
or time the airport expects the problem to be resolved. 

Changed condition notifications are not generally needed when a situation 
occurs to affect the security posture, but immediate action is taken to ensure that 
security is not compromised. An example would be a vehicle access gate going 
out of service. The airport must first ensure that no unauthorized entry occurred. 
If it did, then it is an incident with mandatory TSA notification and action by the 
airport to find who may have entered the security areas. If there was no unautho- 
rized entry and appropriate procedures were followed to restrict access (such as 
posting a security guard in contact with security personnel in the security opera- 
tions center to verify those with authorized access), security is not compro- 
mised—although a different procedure is in place other than the procedure in the 





l Airport operators should remember that the TSA has discretion determining when the 30-day 
timeline begins. Some TSA personnel believe the 30 days begins when the change first occurred, 
whereas others believe the 30 days begins when the airport operator becomes aware that the change 
will last longer than 60 days. The best practice according to several TSA security inspectors is to 
keep the FSD and TSA-compliance personnel in the information loop on any changed condition. 
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security program.'* However, some TSA inspectors and FSDs may require a 
changed condition notification anytime there is any unplanned alteration to the 
way the airport is carrying out its security measures that differ from what is artic- 
ulated within the ASP, regardless of whether the same level of security is still 
maintained. 


INTELLIGENCE AND INTERVENTION 


In the June 22, 2007 issue of Joint Pub 0-2, intelligence is described as follows: 
Intelligence is the product resulting from the collection, processing, integration, 
evaluation, analysis, and interpretation of available information concerning 
foreign nations, hostile or potentially hostile forces or elements, or areas of actual 
or potential operations. The term is also applied to the activity which results in 
the product and to the organizations engaged in such activity. 

The intelligence community (IC) is a collection of executive branch agencies 
that work separately and together to conduct intelligence activities necessary 
for the conduct of foreign relations and to protect the national security of the 
United States (Interagency Threat Assessment and Coordination Group, 2012). 

Intelligence and intervention related to aviation security are most often the 
responsibility of national governments. In How Safe Are Our Skies? Rodney 
Wallis (2003) faulted the 9/11 attacks on the failure of US government intelli- 
gence: The government controls the intelligence services, and intelligence is vital 
if democracies are to be guarded against terrorism, whether land-based or air- 
borne. There is every reason to believe the intelligence services failed the 
American people over the September 2001 attacks. It became clear immediately 
after the events that information had been circulating but had not been acted 
upon. Names of the hijackers were known to the Central Intelligence Agency 
(CIA) and FBI, yet these criminals were allowed to move freely within the 
United States and board aircraft with little or no special attention paid to them. 
(p. 19). 

The DHS manages security intelligence and intervention strategies. These 
efforts serve as the outermost layer of the US aviation security system. DHS 
security functions include gathering intelligence, monitoring terrorist and criminal 
activities, and, if necessary, intervention before a potential attack on the United 
States. The DHS works with the TSA to notify airport and airline security 
managers of potential targets and terrorist strategies. 

In the United States, the TSA and FBI disseminate aviation security informa- 
tion to airports and airlines that enables them to implement precautionary security 
measures, often referred to as contingency plans. Each commercial service airport 





Some TSA personnel will still want verbal and written notification of any change in airport secu- 
rity. These issues are at the discretion of the FSD and, in some cases, the TSIs. 
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has an FBI agent assigned to coordinate aviation security activities and share 
intelligence with the local airport and airline operators. The TSA’s FSD also 
receives intelligence information and works with the FBI and local airport and 
airline personnel to develop and implement contingency plans. 

US intelligence agencies and military services conduct most of the nation’s 
intelligence gathering and early intervention related to aviation security. 
However, intelligence analysts are always careful to note that there is a distinction 
between information and intelligence, and the even more evasive actionable intel- 
ligence, which is information that enables US military or law enforcement assets 
to take action (arrest or capture/kill). Further, the US IC consists of numerous 
organizations and agencies, often with overlapping missions. More often than not, 
intelligence trickles in looking more like tidbits of information, until eventually a 
picture begins to form of potential criminal or terrorist activity. Many agencies 
can have different pieces of a very large puzzle, and those pieces are not always 
accurate or shared across domains. The intelligence cycle includes five steps: 


Planning and direction 
Collection 

Processing and collation 
Analysis and production 
Dissemination 


oP ens 


Planning and direction focuses on intelligence and law enforcement agencies 
on a particular direction or threat(s). Collection includes the collection of relevant 
information about the threat, from a variety of sources, which could include the 
DOD, the Department of Justice (DOJ), DHS, other federal agencies such as the 
National Geospatial Intelligence Agency, the CIA, FBI, DEA, and state, local, 
and tribal organizations. Processing and collation attempts to take multiple pieces 
of information from these sources and put them together to form a better picture 
of terrorist or criminal activity. Analysis and production includes preparing 
reports to disseminate back to the intelligence and law enforcement agencies, and 
dissemination is the process of distributing the information to those entities. It is 
the aviation security practitioner who needs to be both part of the contribution of 
information to this system and a consumer of its products. 

Failure to review and analyze international or any off-airport security issue is 
negligent aviation security management. Airport operators frequently rationalize 
that there is little they can do at the local level to mitigate threats outside airport 
boundaries or their internal operations. Just as an airport operator would work to 
solve a safety issue or environmental problem on their airport, they can and should 
take preventive security measures when international security threats are detected 
or anticipated. These proactive measures include using increased levels of law 
enforcement personnel, increasing surveillance of the airport perimeter, imple- 
menting random increases in security measures either temporarily or permanently, 
or a variety of other strategies. It is essential that any aviation security manager 
practice due diligence and keep appraised of current and developing threats. 
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The analysis of intelligence and application of its meaning and results can con- 


tribute significantly to the protection of assets and personnel. There are six types of 
intelligence (Interagency Threat Assessment and Coordination Group, 2012): 


1. 


Signals intelligence (SIGINT) is the exploitation of electronic emissions 
information, which is derived from four sources: electronic, communications, 
foreign and weapons-related command, and control signals. Email, radio 
intercepts, and cell phone monitoring typically fall into this category. 


. Imagery intelligence (IMINT) is the product of processing raw images, in the 


form of pixels, digits, or other forms, and the attempt to determine the time, 
date, and place that the imagery was obtained. 

Measurement and signature intelligence (MASINT) is scientific and technical 
intelligence (metrics, angles, spatial, wavelength, etc.) derived from sensors to 
detect identifying distinctive features associated with the source. 
Human-source intelligence (HUMINT) is derived from human beings who 
may be both sources and collectors of information, either by direct 
observation and the use of recruited agents and, in some cases, interrogation. 
Open-source intelligence (OSINT) is unclassified information of potential 
intelligence value and is open to the general public. 

Geospatial intelligence (GEOINT) is intelligence derived from imagery and 
geospatial information of physical features and geographically referenced 
activities on Earth (typically associated with satellite gather information). 


There are five categories of intelligence available to the consumer of intelli- 


gence (Interagency Threat Assessment and Coordination Group, 2012): 


1. 


Current intelligence: day-to-day events, new developments, related 
background, and an assessment of their significance to warn of near-term 
consequences. Presented in daily, weekly, and monthly publications. 


. Estimative intelligence: seeks to assess potential developments that could 


affect US national security, beginning with facts, then exploring the unknown 
and the unknowable. Helps policy makers to think strategically about long- 
term threats. National intelligence estimates produced by the National 
Intelligence Council and the director of national intelligence are the most 
authoritative written assessments of national security. 

Warning intelligence: sounds an alarm or gives policy makers notice—urgent 
in nature and implies the need for action or response. SDs are intended for 
warning intelligence. 

Research intelligence: presented as in-depth studies as an underpinning to 
current and estimative intelligence. 

Scientific and technical intelligence: information on technical developments 
and characteristics, and performance and technical capabilities of weapons 
and security systems. Bomb Appraisal Officers (BAOs) will often share this 
type of intelligence with TSOs so they can watch for new types of explosive 
devices. 
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Intelligence products that are typically available to front-line response person- 
nel include situational awareness and threat reports and information reports such 
as an information intelligence report or homeland intelligence report (HIR) that 
disseminate unevaluated intelligence within the IC. Intelligence assessments are a 
finished intelligence product resulting from analysis; threat assessments provide 
in-depth analysis related to a specific threat; intelligence bulletins are finished 
intelligence products used to detect trends in an article format; and a joint intelli- 
gence assessment is written by two or more agencies that address the same types 
of information that can be found in an intelligence bulletin issued by a single 
agency (Interagency Threat Assessment and Coordination Group, 2012). 

Two notable types of ongoing intelligence material that may be of interest to 
airport police and security personnel are Roll Call Release and Terrorism Summary 
(Interagency Threat Assessment and Coordination Group, 2012). Roll Call Release 
focuses on terrorist tactics, techniques, procedures, terrorism trends, and indicators 
of suspicious activities (Interagency Threat Assessment and Coordination Group, 
2012). Terrorism Summary is a secret classified document that includes terrorism- 
related intelligence available to the National Counterterrorism Center (NCTC) 
(Interagency Threat Assessment and Coordination Group, 2012). 


HANDLING INTELLIGENCE INFORMATION 


“Controlled unclassified information” refers to information that does not meet the 
standards for National Security Classification under EO 12958, but is pertinent to 
the national interests of the United States, and under law or policy requires pro- 
tection from unauthorized disclosure; typically this type of information is referred 
to as FOUO, “for official use only.” FOUO should be safeguarded and withheld 
from public release until approved by the originating agency. “Law enforcement 
sensitive,” is another name for FOUO information. In either case, this type of 
information should only be shared with those with a need-to-know, and precau- 
tions taken to prevent the inadvertent release of the information. 


WHAT INTELLIGENCE INFORMATION CAN AND CANNOT DO 


Intelligence can improve decision making, while hindering our enemies decision 
making. It can warn of potential threats, provide insight into current events, pro- 
vide better situational awareness, provide long-term assessments on issues of 
ongoing threats, provide pretravel security overview, and support and provide 
reports on specific topics based on need (Interagency Threat Assessment 
and Coordination Group, 2012). However, intelligence information cannot predict 
the future nor can it violate US law (Interagency Threat Assessment and 
Coordination Group, 2012). 

Aviation security practitioners may obtain unclassified intelligence products 
through the Homeland Security Information Network—lIntelligence, Law 
Enforcement Online, Intelink-U, Regional Information Sharing Systems Network, 
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DHS Technical Resources for Incident Prevention (TRIPwire), and Federal 
Protective Service Portal, Open Source Center. Secret-level information can be 
accessed through proper clearances at NCTC-Online-SECRET, the Office of 
Intelligence (OI) and Analysis, FBINet, and FBI intelink/SIPRNet (Interagency 
Threat Assessment and Coordination Group, 2012). 

Raw intelligence reports, alerts, or notifications provide timely dissemination 
of unevaluated intelligence. It may be nonspecific, fragmentary, or just constitute 
suspicious activity. The key to evaluating such information is knowing how the 
information was obtained, its credibility and reliability, and the type of source. 
There are two types of access: direct and indirect. Direct access means the intelli- 
gence source has direct knowledge of the fact or appears to be in direct contact 
with those knowledgeable. Indirect access means there is some distance between 
the source and the origin of the information. Excellent access means the source 
may have learned about the fact or event from the decision maker or a source 
document. Good access suggests credibility but no direct access to the informa- 
tion (Interagency Threat Assessment and Coordination Group, 2012). 

Also useful in evaluating intelligence is to understand the chain of acquisition, 
whether the information is credible and reliable, and the level of relationship the IC 
has with the source. The chain of acquisition speaks to the sources’ relationships 
and the potential changes in the information as it passes from one individual to 
another. The longer the chain of acquisition, the more likely the information will 
have changed, which affects its accuracy. Credibility speaks to the extent to which 
something is believable. The credibility of a source is both time and context depen- 
dent. A person may be more credible at certain times and less at others. Reliability 
is a criterion of credibility and, as applied to the source, speaks to the likelihood 
that the report is an accurate reflection of the events reported. “Reliable,” in this 
context, means that the established reporting record is judged to be accurate, while 
“uncertain” reflects that there is uncertainty in the report (and may indicate to what 
extent), and “unknown” means the information is from a previously unreported 
source (Interagency Threat Assessment and Coordination Group, 2012). Sources 
are categorized into contact, collaborative, established, walk-in (or call, write), or 
sensitive (Interagency Threat Assessment and Coordination Group, 2012). 


1. Contact means that the information is from someone who has provided 
information but for whom a formal relationship has not been established. 

2. Collaborative means this likely comes from a newly established source and a 
formal relationship has been established. 

3. Established sources come from individuals with a previously established 
relationship and, if revealed, would probably endanger their status, reputation, or 
security. 

4. Walk-in/call-in/write-in sources are previously unknown individuals who 
make contact with an official (person, call, web site, etc.). 

5. A sensitive source is a source whom, if compromised, might reduce the ability 
to use the source in the future. 
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While much threat information is available at the unclassified and confiden- 
tial levels, sources and methods of gathering information are often classified at 
“secret,” “top secret,” or secure compartmentalized TS information. In under- 
standing estimative language, often the IC will use language such as “we esti- 
mate,” “we assess,” or “we indicate” when they are trying to convey an 
analytical measurement, based on incomplete fragments of information or infor- 
mation that is not factual. The IC does not use the word “unlikely” to imply that 
an event will not happen and uses the words “probably” or “likely” to indicate 
that there is a greater than even chance something will happen. Words such as 
“maybe” or “suggest” are used to reflect situations in which the IC is unable to 
assess the likelihood because relevant information is unavailable, fragmented, or 
sketchy. 

Sometimes the words “high,” “moderate,” and “low” confidence are used to 
convey degrees of likelihood. High confidence generally indicates the IC’s judg- 
ments are based on high-quality information. Moderate confidence generally 
means that the information is interpreted in various ways or that the information 
is credible and plausible but not sufficiently corroborated to warrant a higher level 
of confidence. Low confidence generally means the information is scant and it is 
difficult to make solid analytic inferences or that the IC has significant concerns 
with the sources (Interagency Threat Assessment and Coordination Group, 2012). 

Operated by the FBI, the National Terrorist Screening Center (NTSC) was 
established by Homeland Security Presidential Directive 6, which directed that a 
center be established to consolidate the government’s approach to terrorism 
screening and to provide for the appropriate and lawful use of terrorist informa- 
tion in screening processes. The NTSC began operations on December 1, 2003. 
The vision of the NTSC is to be the global authority for watch listing and identi- 
fying known and suspected terrorists. Its mission is to consolidate and coordinate 
the US government’s approach to terrorism screening and facilitate the sharing of 
terrorism information that protects the nation and our foreign partners while safe- 
guarding civil liberties. 

The NTSC is a single database of identifying information about those known 
or reasonably suspected of being involved in terrorist activity. Prior to 9/11 vari- 
ous government agencies maintained nearly a dozen separate watch lists monitor- 
ing persons of interest to US law enforcement and intelligence agencies. There 
was also not a central clearinghouse for all of the information that law enforce- 
ment and the IC could access about a potential person of interest. The terrorist 
watch list contains thousands of records that are updated daily with federal, state, 
local, territorial, and frontal law enforcement and members of the IC. The no-fly 
and selectee lists are two much smaller subsets of the terrorist watch list. 

Although aviation security practitioners may be unable to prevent the activities 
of terrorists operating in a foreign country plotting to attack a component of the 
aviation system, awareness of those activities is still relevant to the protection of 
US aircraft, airports, and the national aviation infrastructure. The TSA routinely 
notifies airport and airline security managers to increase security because of 
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potential threats from situations in other areas of the world.'* Aircraft operators 
must pay attention to worldwide terrorist threat alerts, because understanding the 
nature of these threats is essential to protecting flight crews, passengers, and 
aircraft. 

Aviation security practitioners must also pay attention to intelligence related 
to noncriminal or nonterrorist threats that could jeopardize the aviation system. 
An example of this is the avian flu. At first glance, this may seem a public health 
threat, not an aviation security threat. It is, however, a threat to both. The 
expected fatality rate of the avian flu is 50%; a pandemic outbreak would cause 
widespread casualties, including among travelers and airport personnel. Even a 
local outbreak would certainly affect some airport and airline personnel, with 
some dying or becoming incapacitated for weeks or months, and others needing 
time off because of sick relatives. This would seriously jeopardize the ability of 
the local and national aviation systems to ensure security because of the reduced 
numbers of personnel essential to the airport and airline operations. 

Airports are lifelines to the outside world, particularly during a disaster. For 
example, when Hurricane Katrina hit New Orleans in 2005, the airport became a 
triage location and then a staging area for rescue operations. When Hurricane 
Ivan hit Pensacola, FL, in 2004, the airport worked rapidly to recover so it could 
receive military and relief aircraft flying in to provide emergency services to the 
community. 

Although the focus is often on intelligence related to international terrorist 
organizations, domestic terrorist activity must not be ignored. Domestic terrorists 
have been responsible for numerous attacks within the United States. While many 
domestic attacks have been minor as compared to 9/11 or WTC bombing in 1993, 
the vehicle bombing of the Alfred P. Murrah Federal Building in Oklahoma City, 
OK, in 1995 was a tragic example of the capabilities of domestic terrorism. It is 
just as important to monitor the activities of domestic terrorist organizations as it 
is to monitor the activities of international terrorist organizations. Both are threats 
to the aviation system. 

Aviation security practitioners should become students of terrorist practices 
and strategies, be aware of local and world events, and have an understanding of 
current motives and methods of terrorist operations. Practitioners should develop 
excellent working relationships with local, state, and federal law enforcement 
agencies to effectively share intelligence and other mitigation strategies. They 
must constantly evaluate changing threat conditions and be prepared to implement 
higher levels of security. 

Under the Aviation Safety and Security Act of 1996, airport operators are 
required to have a consortium of aviation security and law enforcement profes- 
sionals who meet regularly to share information and develop strategies to mitigate 





'3Usually, airport and aircraft operator personnel receive briefings in the form of TSA ICs, or brief- 
ings from FBI or TSA FSDs. 
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or prepare for possible incidents. These committees are more effective if they are 
purpose-driven and key stakeholders have face-to-face meetings. * 

After 9/11, Boston Logan International Airport officials began the practice of 
a daily 8:30 am meeting. The airport director chairs this meeting, which is 
attended by the ASC, police and fire personnel, and representatives from the air- 
lines that use the airport. This daily meeting is to share security information and 
to focus all parties on security concerns every day. That the airport director chairs 
the meeting and that division heads of various airport and airline entities attend 
demonstrates that the highest priority of the Boston Logan Airport is security. At 
many airports, security meetings are held rarely and even more rarely attended by 
decision makers. To emphasize the importance of security and to ensure that 
timely decisions concerning security are made, it is important that decision 
makers attend security meetings, not just “note takers” comprised of assistants 
and administrative personnel. 

Airport security practitioners should maintain high levels of awareness with 
respect to global aviation security. Any attack on another airport, airplane, trans- 
portation, or infrastructure facility, in the United States or abroad, should be care- 
fully studied. Early warning indicators should be identified, and similar 
vulnerabilities should be assessed and appropriate measures taken. There may be 
value to sending security personnel to a site to assist with recovery and to assess 
measures that could be used in their own facility under similar circumstances. "° 


FUSION CENTERS, TERRORISM LIAISON OFFICERS, AND INFRAGARD 


Through the fusion centers and the Terrorism Liaison Officer (TLO) Program, air- 
port operators have new pathways to access relevant threat information and keep 
up on existing and potential threats. This can enable aviation security practitioners 
to be more aware of suspicious activities and patterns to watch for, possibly help- 
ing to turn information into intelligence. The national network of fusion centers 
serves as a focal point for the analysis, gathering, and sharing of threat-related 
information throughout a state or region. With timely, accurate information on 
potential terrorist threats, fusion centers can directly contribute to and inform 
investigations initiated and conducted by federal entities (DHS, 2012). 





14 Airline security managers and airport security personnel can receive security information on tech- 
nologies and practices through organizations such as the American Association of Airport 
Executives. Airline security information on technologies and practices is available through certain 
aircraft operator—specific organizations such as the Air Transport Association (now known as 
Airlines for America, A4A). Airport law enforcement personnel can maintain an awareness of air- 
port police practices and challenges through the Airport Law Enforcement Agencies Network. 
I5Various US aviation security practitioners sought involvement in the recovery efforts after 
Hurricane Ivan in Pensacola, FL, in 2004, and at the Louis B. Armstrong New Orleans 
International Airport after Hurricane Katrina in 2005 as a way to assist and learn from these 
disasters. 
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Located in states and major urban areas throughout the country, fusion centers 
are uniquely situated to empower front-line law enforcement, public safety, fire 
service, emergency response, public health, critical infrastructure protection, and 
private sector security personnel to understand local implications of national intel- 
ligence, thus enabling local officials to better protect their communities (Joint 
Regional Intelligence Center, 2012). Fusion centers provide interdisciplinary 
expertise and situational awareness to inform decision making at all levels of gov- 
ernment. They conduct analysis and facilitate information sharing while assisting 
law enforcement and homeland security partners in preventing, protecting against, 
and responding to crime and terrorism (Joint Regional Intelligence Center, 2012). 

Fusion centers are owned and operated by state and local entities with support 
from federal partners in the form of deployed personnel, training, technical assis- 
tance, exercise support, security clearances, connectivity to federal systems, tech- 
nology, and grant funding. The Colorado Information Analysis Center (CIAC) is 
one fusion center that was created in response to the 9/11 attacks and was 
awarded Fusion Center of the Year in 2010. The CIAC is designed to link all sta- 
keholders in Colorado, from local and federal LEOs, to bankers and schooltea- 
chers. It emphasizes detection, prevention, and information-driven response to 
protect the citizens and critical infrastructure of Colorado. This counterterrorism 
effort is centralized in order to enhance interagency cooperation and expedite 
information flow (CIAC, 2012). 

CIAC has been successful in promoting the eight signs of terrorism, through 
online videos and public awareness campaigns: 


Surveillance 
Elicitation 

Tests of security 
Funding 
Supplies 
Impersonation 
Rehearsal 
Deployment 
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DHS is working with the DOJ in their nationwide Suspicious Activity 
Reporting (SAR) initiative, which provides law enforcement with another tool to 
help prevent terrorism and other related criminal activity, by establishing a 
national capacity for gathering, documenting, processing, analyzing, and sharing 
SAR information. The Nationwide SAR Initiative is a standardized process— 
including stakeholder outreach, privacy protections, training, and facilitation of 
technology—for identifying and reporting suspicious activity in jurisdictions 
across the country and also serves as the unified focal point for sharing SAR 
information (DOJ, 2012). 

DHS has also launched the “If You See Something, Say Something” public 
awareness campaign. “If You See Something, Say Something” originated with the 
Port Authority of New York and New Jersey, and through DHS now consists of a 
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new series of public service announcements encouraging the public to contact 
local authorities if they see suspicious activity. Some videos have also been pro- 
duced and can be viewed at DHS- and TSA-related web sites. 

A TLO functions as the principle point of contact for a public safety agency 
in matters related to terrorism information (Joint Regional Intelligence Center, 
2012). The TLO, though not necessarily an expert in terrorism, attends meetings 
and receives terrorism training and information from the local fusion center or 
other local entities engaged in terrorism intelligence or investigations. The TLO 
then educates others within his or her department or area of responsibility (Joint 
Regional Intelligence Center, 2012). Airport managers and ASCs are eligible to 
become TLOs. 

TLOs are a vital link in keeping those engaged in public safety professions 
aware of current terrorist tactics, techniques, and practices. Through the diligent 
performance of their duties, public safety personnel are alerted to terrorism indi- 
cators and warnings that might otherwise go unreported (Joint Regional 
Intelligence Center, 2012). 

TLOs are typically contacted when suspicious activities are witnessed that 
could potentially be related to terrorism. They in turn forward the lead or suspi- 
cious activity report to their local police, fusion center, or the Joint Terrorism 
Task Force (JTTF). 

InfraGard is an information sharing and analysis effort that combines the 
knowledge base of members. InfraGard is a partnership between the FBI and the 
private sector and incorporates an association of businesses, academic institutions, 
state and local law enforcement agencies, and other participants dedicated to shar- 
ing information and intelligence to prevent hostile acts against the United States. 
InfraGard chapters are geographically linked with FBI field office territories 
(InfraGard, 2012). Aviation security practitioners can become members of 
InfraGard and are eligible to access some nonpublic intelligence and law enforce- 
ment information. 


DOMESTIC AND REGIONAL AVIATION SECURITY 


Aircraft operators conduct flights throughout domestic and regional areas (those 
areas more than a mile beyond the geographical boundary of an airport). It is 
important that aircraft security practitioners understand that threat levels can vary 
within the United States, Mexico, and Canada, and that airport security measures 
differ slightly throughout the United States, affecting the airline personnel opera- 
tions. For example, escort requirements at airports may differ. Some airports allow 
one badged'® individual to escort only one other unbadged individual, whereas 
other airports allow a badged individual to escort multiple unbadged people. 





'©Badged is a common industry term, which generally means an individual in possession of 
approved access/ID issued by the airport or aircraft operator. 
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The primary layers of government security organizations and agencies at the 
domestic and regional levels consist of the DHS, US Northern Command, FBI, 
TSA, and state agencies. Individual states have developed their own law enforce- 
ment, intelligence gathering, and emergency response capabilities, and although 
the FAA was largely relieved of its aviation security responsibilities after 9/11, 
the organization still plays a role. 

A key failure pointed out after the 9/11 attacks was the inability of the air traf- 
fic control system to effectively notify its radar and tower facilities, and thus the 
aircraft operators themselves, about the hijackings. Created after 9/11, the 
Domestic Events Network (DEN) is a 24/7 FAA-sponsored telephone-based 
conference-call network (recorded) that includes all of the air route traffic control 
centers in the United States and includes other governmental agencies that moni- 
tor the DEN. Its purpose is to provide timely notification to the appropriate 
authority that there is an emerging air-related problem or incident. 


NORTH AMERICAN AEROSPACE DEFENSE COMMAND 


The North American Aerospace Defense Command (NORAD) is a US and Canadian 
organization charged with the aerospace warning and aerospace control for North 
America. Responsibilities of this organization include monitoring fabricated objects 
in space and the detection, validation, and warning of attacks against North America, 
whether by aircraft, missiles, or space vehicles, through mutual support arrangements 
with other commands. The NORAD—US Northern Command (USNORTHCOM) 
Integrated Command Center serves as a central collection and coordination facility 
for a worldwide system of sensors designed to provide the commander and the leader- 
ship of Canada and the United States with an accurate picture of any aerospace threat. 

USNORTHCOM was established after 9/11 to provide command and control 
of DOD homeland defense efforts and to coordinate defense support of civil 
authorities. USNORTHCOM’s civil support mission includes domestic disaster 
relief operations that occur during fires, hurricanes, floods, and earthquakes. 
Support also includes counterdrug operations and managing the consequences of 
a terrorist event employing a weapon of mass destruction. The command provides 
assistance to a lead agency when tasked by the DOD. Per the Posse Comitatus 
Act, military forces can provide civil support, but cannot become directly 
involved in law enforcement. 

In providing civil support, USNORTHCOM generally operates through estab- 
lished joint task forces subordinate to the command. An emergency must exceed 
the capabilities of local, state, and federal agencies before USNORTHCOM 
becomes involved. 


DEPARTMENT OF HOMELAND SECURITY 


The DHS, established in January 2003, was created through the Homeland 
Security Act of 2002. The primary mission of DHS is to help prevent terrorist 


Domestic and Regional Aviation Security 


attacks in the United States, reduce the country’s vulnerability to terrorism, and 
assist in recovery after an attack (DHS, 2007). 

DHS combines 22 separate government agencies including the US Coast 
Guard, the Secret Service, the Federal Emergency Management Agency, and the 
TSA. US agencies such as the US Border Patrol, US Customs, and the US 
Immigration and Naturalization Service (INS) were blended into DHS and reorga- 
nized under Immigration and Customs Enforcement (ICE) and Customs and 
Border Protection (CPB). Agencies with involvement in aviation and homeland 
security include the FBI, the CIA, and the National Security Agency (NSA). 

As with the TSA, DHS has undergone several reorganizations since its incep- 
tion.” DHS is comprised of directorates responsible for the following: 


1. Managing border and transportation security assets used to prevent terrorists 
from entering the United States. 

Protecting air, land, and sea transportation systems. 

Enforcing immigration laws. 

Managing emergency preparedness and response. 

Coordinating the federal government’s response to terrorist attacks and 
major disasters. 

Assisting in recovery efforts. 

Employing science and technology personnel overseeing efforts to protect 
the United States from chemical, biological, radiological, and nuclear 
attacks. 

8. Funding research related to homeland security. 

9. Gathering and analyzing intelligence information from federal, state, and 
local agencies to detect terrorist threats or vulnerabilities in the country’s 
infrastructure. 

10. Enhancing nuclear detection efforts of federal, state, territorial, tribal, and 
local governments. 

11. Aiding the private sector in developing coordinated responses to security 
threats. 


gop ON 
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An important department within DHS is the Domestic Nuclear Detection Office, 
responsible for developing and deploying domestic nuclear, fissile, or radiological 
detection systems, and for detecting and reporting attempts to import or transport 
these materials for illicit use (DHS, 2006). Aviation is a possible method of transport 
or delivery for nuclear or radiological materials to the United States. 


TRANSPORTATION SECURITY ADMINISTRATION 


Originally organized under the Directorate of Border and Transportation Security, 
the TSA’s mission is to prevent terrorist attacks and to protect the US transporta- 
tion network. TSA is now a stand-alone division of DHS, with the administrator 





"The current organizational structure for DHS can be reviewed at www.dhs.gov. 
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serving as an assistant secretary of DHS directly responsible to the DHS 
secretary/deputy secretary. The Aviation and Transportation Security Act of 2001 
created the TSA to protect the public’s security in all forms of transportation. 
However, the majority of changes to the nation’s transportation network have 
been made in the area of aviation, and the majority of federal funding is still 
appropriated for aviation needs (Wodele, 2005). In the budget for fiscal year 
2004, $4.22 billion (86%) of the TSA budget was allocated for aviation security 
(Bullock et al., 2006, p. 215). 

The TSA’s initial responsibility was to take over airline screening at the nation’s 
450+ commercial service airports. The TSA met a demanding deadline by hiring 
55,000 screeners in just 1 year. The rapid hiring created imbalances in the workforce, 
with some airports having too few screeners and others having too many (GAO, 
2004, p. 9). TSA continues to adjust screener staffing models in an attempt to balance 
the number of screeners with the passenger activity levels at each airport. 

In its rapid formation, the TSA experienced its share of public relations issues, 
missteps, and organizational challenges. Despite all of these, Paul C. Light, a pub- 
lic service professor at New York University and a Brookings Institution scholar 
who has studied the TSA’s evolution, called it “one of the federal government’s 
greatest successes of the past half-century” (Goo, 2005). In addition to screening 
and regulatory compliances, the TSA oversees numerous other programs, 
including: 


1. FAM Program. Oversees hiring, training, and operations of FAMs. 

2. National Explosives Detection Canine Team Program. Started in 1970 by the 
FAA to train and certify canines and their handlers, and now the responsibility 
of the TSA. 

3. Training and certification of FFDOs. The program to provide firearms and 
self-defense training to pilots of commercial air carriers. 

4. Crew Member Self-Defense Training Program. A basic self-defense awareness 
program combined with hands-on training at local community colleges. 

5. Armed Security Officers Program. Provides armed security officers for GA 
flights arriving and departing from Reagan National Airport. 

6. Office of Training and Development. Provides rapidly deployable, national- 
level resources regarding all aspects of chemical, biological, radiological, 
nuclear, and explosives (CBRNE). 


The US GAO and DHS have long promoted risk management strategies 
(GAO, 2005, p. 10). Risk management is based on conducting a risk analysis, 
then allocating funding and resources to those areas with the highest risk of attack 
or the areas where an attack would create catastrophic damage. It acknowledges 
that not all life and infrastructure can be completely protected all the time. TSA 
risk managers are aware that an attack could penetrate an area that has not been 
assessed to be of critical importance. 

One area addressed by former TSA Director Kip Hawley’s administration is 
establishing flexible and random security procedures. This policy has resulted in 
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numerous security measures being required of airports and air carriers. The TSA 
has expanded its workload substantially beyond screening and oversight of federal 
regulations. Since Hawley’s tenure, the TSA has added BDOs and BAOs and has 
taken on employee screening through the Aviation Direct Access Screening 
Program. According to Hawley, “If we follow the same procedures everywhere, 
every time, we make it easier for terrorists to break the security code” (Tablott, 
2006). To this end, the TSA initiated a surge program (TSA, n.d.a.) as a method 
of increasing security focus and forces in key areas for short periods. The surge 
program is known as Playbook and includes teams of FAMs, local law enforce- 
ment, screeners, and other federal, state, and local police personnel conducting 
random antiterrorism measures throughout airports. Additionally, TSIs frequently 
are temporarily reassigned to another airport to conduct inspections or focus on 
security practices at specific areas of an airport or airline. The benefit of having 
outside personnel is that it provides an impartial look at security issues in specific 
situations or locations. TSA Administrator John Pistole moved the concept of 
risk-based security forward. Risk-based security is explained in more detail in 
Chapter 6, Introduction to Screening. 


FEDERAL SECURITY DIRECTOR 


The TSA is represented at the local level by an FSD. The FSD is employed by 
the TSA and reports to TSA headquarters. FSDs ensure that airport and aircraft 
operators within their jurisdiction follow regulations and oversee airport security 
screening operations. There were initially about 350 FSDs for the 450 commercial 
service airports in the United States; that number is now estimated to around 80 
as TSA figured out that an FSD was not needed at many of the airports that have 
low levels of commercial service. Most FSDs have jurisdiction over one or more 
airports. The FSD provides daily operational direction for federal security at air- 
ports and is the ranking TSA authority for the coordination of TSA security 
activities. 

FSDs have operational authority over the security screening workforce. This 
arrangement is unusual as the regulator of an activity, such as screening, is not 
normally the operator of the same activity. Outside the United States, most airport 
security functions are carried out by one entity and regulated by another. 

Other FSD duties (TSA, n.d.b.) include: 


1. Organizing and implementing the Federal Security Crisis Management 
Response Plan. 

2. Implementation, performance, and enhancement of security and screening 

standards for airport employees and passengers. 

Oversight of passenger, baggage, and air cargo security screening. 

Managing airport security risk assessments. 

Implementing and maintaining security technology within established 

guidelines. 
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. Providing crisis management to airports. 
. Protecting and recovering the data and communications network as it 
impacts federal security responsibilities. 
8. Employee security awareness training. 
9. Supervising federal law enforcement activities within the purview of the 
FSD and TSA. 
10. Coordinating federal, state, and local emergency services and law 
enforcement. 


yO 


Operationally, an FSD handles all incoming intelligence and disseminates it to 
the ASC. The FSD assists the airport operator with the interpretation of federally 
required procedures at the local airport level, particularly ICs and SDs that are 
issued from the TSA. The FSD also has the authority to stop aircraft and airport 
operations (P. Ahlstrom, personal communication, 2006). 

The TSA employs area (ie, regional) directors to oversee FSDs. Area directors 
have administrative oversight for the FSD workforce, conducting performance 
reviews and related activities. An FSD does have the authority and responsibility 
to make decisions on behalf of the TSA. Certain actions, such as approving an 
ASP or an amendment or procedure within an approved security program, must 
be reviewed by the TSA’s legal department. Although an FSD may have a TSA 
lawyer on hand, the lawyer receives direction from TSA headquarters, not the 
FSD. This is important to security coordinators attempting to get a security pro- 
gram or modified procedures approved as the process may take longer and be 
reviewed by individuals who are not onsite. 

FSDs preside over three departments: compliance, operations, and business 
management. There is also an AFSD for regulatory inspection who is responsible 
for compliance, and an AFSD for screening who is responsible for operations. 
FSDs have had their authority expanded to cover other modes of transportation, 
such as trucking, rail, and maritime activities (P. Ahlstrom, personal communica- 
tion, 2006). FSDs also have some level of operational control over the FAMs 
assigned to their areas, but their reporting structure has changed frequently over 
the years. 

Another AFSD is assigned to some airports, one for law enforcement. Besides 
the FAMs, this is one of the few actual LEOs within the TSA’s structure. 
Although TSOs are called “officers,” they do not have police powers or law 
enforcement arrest authority. 

The major responsibilities of the AFSD for law enforcement are to serve as 
the principle law enforcement specialist, providing advice and assistance to 
the FSD, maintaining contacts with local law enforcement agencies, and estab- 
lishing working relationships with key airline and airport personnel. This 
AFSD also coordinates movements of dignitaries, VIPs, and other law enforce- 
ment personnel; serves as the primary contact for TSA for law enforcement in 
the state, and shares information with TSA personnel concerning criminal 
activities. 
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TRANSPORTATION SECURITY INSPECTORS 


The compliance department, headed by the AFSD for regulatory inspection 
(sometimes referred to as “compliance”’), consists of TSIs who conduct ongoing 
audits of airport and aircraft operator security programs and procedures. Although 
the AFSD for regulatory inspection reports to the FSD, much of the TSI’s direc- 
tion comes from TSA headquarters. 

TSIs open cases and investigate alleged violations of security regulations. 
TSIs act as liaisons to the airport and aircraft operator security coordinators, pro- 
viding briefings and guidance on industry issues and policy changes. TSIs 
undergo 4 weeks of classroom training and then are assigned to an airport work- 
ing with senior TSIs. TSI training addresses the transportation regulation; the var- 
ious security programs including the ASP, Aircraft Operator Standard Security 
Program, IAC Standard Security Program, Model ASP (for foreign air carriers), 
Private Charter Standard Security Program, Twelve-Five Security Program, and 
the Alien Flight Training Program; compliance and enforcement techniques; and 
the methods of conducting investigations and inspections. 

TSIs conduct reviews of the various security programs including audits and 
inspections of the actual security procedures as they occur in an airport or within 
an airline. Violations of such procedures can result in an EIR. If the infraction or 
procedures violation is not corrected, the EIR could eventually result in a fine to 
the violator and possible criminal charges in extreme cases. TSIs also conduct 
enforcement actions against individuals, such as when a passenger attempts to 
bring a prohibited item through a screening checkpoint (L. Hamler Goerold, 
personal communication, 2006). 

The TSA also employs TSIs who serve as air cargo security inspectors. Air 
cargo security inspectors are TSI agents specializing in security issues related to 
IAC programs and air cargo. TSIs may also go through additional training to 
become qualified as an international TSI. International TSIs are sent to foreign 
airports to inspect whether the airport’s security procedures meet US standards. 

Although enforcement is a necessary part of their job, TSIs frequently work 
with airports and airlines to help them comply with regulations. Enforcement 
actions take a long time to adjudicate and often involve extensive administrative 
and legal work on the part of the violator and the TSA. TSA inspectors generally 
prefer to see actual compliance with the security regulations rather than to contin- 
uously process violations against those individuals and entities (L. Hamler 
Goerold, personal communication, 2006). 

The AFSD for screening heads the operations department, which includes the 
security screening workforce, screeners (ie, TSOs), lead TSOs, scheduling offi- 
cers, supervisors, trainers, and managers. 

Before 9/11, airlines were responsible for security screening. Following 9/11, 
the United States took the approach of hiring a federal screening workforce. At 
most of the world’s airports, screening is not handled by the national government 
but by airport operators through contracts with private organizations. The TSA 
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directly employs nearly 43,000 personnel to conduct screening, which includes 
personnel training, performance standards, certification, and testing of screening 
equipment. With the exception of a handful of airports that retained or have 
elected to opt for private screeners, all of the nation’s commercial service airports 
now have TSA personnel conducting passenger, carry-on, and checked-baggage 
screening. TSOs conduct passenger, carry-on, and checked-baggage screening; 
conduct travel document checks; and are sometimes provided additional training 
and fulfill the role of BDOs. 

The third area of responsibility for AFSDs is the business management depart- 
ment, which includes standard business functions such as accounting, budgeting, 
and human resources. Other personnel, such as public relations officers, may be 
located in the FSD’s main offices. Airport and aircraft operators may interface 
with the stakeholder liaison. Stakeholder liaison personnel work with airports, 
airlines, vendors, contractors, and others to help build and maintain working 
relationships between all parties. The stakeholder liaison works with the FSD to 
coordinate, implement, and maintain communication with stakeholders on TSA 
policies, programs, and directives. 

TSA Expert Transportation Security Officer (ETSO) is a title that’s been asso- 
ciated with TSA’s BAOs and other specialists within TSA’s ranks. 
ESTOs—BAOs are charged with finding effective ways to share their expertise 
and real-world experience with the TSO workforce. BAOs build simulated explo- 
sive devices and run them through the screening process to show TSOs what ter- 
rorists are doing and what they are capable of. BAOs also conduct advanced 
alarm resolution when the conventional alarm resolution process has been 
exhausted and the alarm has not been resolved. At his point, BAOs are responsi- 
ble for resolving the alarm, with zero margin for error. If a BAO has reason to 
believe that there is an improvised explosive device, he or she notifies airport law 
enforcement for resolution. BAOs are not explosive ordinance disposal personnel 
(although many come from the military EOD community); they are expected to 
assist in the resolution of suspect items but not disarm or remove them. BAOs 
also serve as the TSA subject matter expert liaison for law enforcement and 
bomb squad partners and act as on-call technical-assistance personnel for other 
law enforcement personnel. 


TSA’s OFFICE OF INTELLIGENCE 


One of the criticisms of the IC is that there was actionable intelligence available 
or known by certain agencies, but that the information was not shared. The FAA 
security office possessed limited intelligence analysis capabilities, relying largely 
on reports from other law enforcement and intelligence agencies, rather than 
developing their own intelligence products. 

In response to this shortcoming, TSA developed an OI to provide threat infor- 
mation to the transportation community. OI was mandated by ATSA and further 
revised by the Homeland Security Act to receive, assess, and distribute 
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intelligence information related to transportation security; assess threats to trans- 
portation; develop policies, strategies, and plans for dealing with threats to trans- 
portation security; and act as the primary liaison for transportation security to the 
intelligence and law enforcement communities. 

OI coordinates and shares information with other DHS agencies, the intelli- 
gence and the law enforcement community, and other government departments 
and agencies such as DOT, FAA, and the transportation industry. OI has placed 
liaison officers with key IC and law enforcement agencies across the federal gov- 
ernment to assist in their mission. 

OI is focused on supporting TSA’s risk-based security strategy. OI provides a 
threat framework to prioritize security resources, which is regularly used by 
FAMs, FSDs, and the transportation industry. The office works in conjunction 
with the Transportation Security Operations Center (TSOC) to disseminate warn- 
ings and notifications of credible and imminent threats (TSA, 2006). OI provides 
and maintains the Remote Access Security Program that provides the TSA field 
with access to classified information in a timely and secure manner. 

The OI consists of the Intelligence Watch and the Outreach Division 
(IW&O), which functions as a 24-hour watch, and the Current Intelligence and 
Assessments (CI&A) Division, which functions as an analysis center tracking 
current and emerging threats across all modes of transportation (TSA, 2006). 

IW&O maintains a full-time liaison officer presence at seven key IC and law 
enforcement locations including DHS’s OI and Analysis, the Director of National 
Intelligence’s NCTC, the FBI’s National JTTF, CBP’s National Targeting Center, 
the NSA, the DEA-administered El Paso Intelligence Center Air Watch, and the 
Terrorist Screening Center (TSA, 2006). 

CI&A produces The Transportation Intelligence Gazette, weekly field intelli- 
gence summaries, suspicious incidents reports, and specialized assessments on ter- 
rorist groups, weapons, explosives, CBRNE threats, modus operandi, tactics, and 
trends (TSA, 2006); CI&A also provides baseline threat assessments. OI directs 
TSA’s red cell activity (ie, red teaming, discussed in chapter: The Threat Matrix) 
to identify potential vulnerabilities in the transportation system through the use of 
adversarial (terrorist) role-playing and scenario development (TSA, 2006). 

The TSA employs field intelligence officers (FIOs) to analyze incoming threat 
information, serve as the principal advisor to FSDs on intelligence matters, and 
develop and maintain working relationships with federal, state, local, and private 
entities responsible for transportation security (TSA, 2006). FlOs gather law 
enforcement and intelligence information and disseminate it throughout the 
national IC. Law enforcement information is vetted, validated, and formatted as 
HIRs by TSA’s OI HIR program (TSA, 2006). 


FEDERAL AIR MARSHALS 


The mission of the FAMs program is to “promote confidence in our Nation’s civil 
aviation system through the effective deployment of FAMs to detect, deter, and 
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defeat hostile acts targeting US air carriers, airports, passengers and crews” (TSA, 
n.d.c.). FAMs detect, deter, and defeat hostile acts against US air carriers, passen- 
gers, and crews. As armed federal LEOs deployed on passenger flights world- 
wide, the mission of the FAMs is to protect airline passengers and crew against 
the risk of criminal and terrorist violence. FAMs perform investigative work and 
participate in multiagency task forces and in land-based investigative assignments 
to proactively fight terrorism. FAMs promote public confidence in the safety of 
the nation’s aviation system as a “quiet professional” in the skies (TSA, 2012). 

FAM intelligence personnel collect, analyze, evaluate, and disseminate foreign 
and domestic intelligence and threat warning information (TSA, 2012). Air mar- 
shals dress as normal travelers to blend in with their surroundings and attempt to 
act as “normal” passengers. Air marshals carry firearms and are authorized to use 
lethal force in the protection of the flight deck from terrorist takeover. They have 
the same use-of-force restrictions as other federal law enforcement agents. The 
ammunition used by air marshals is designed to stop when it hits an individual 
rather than penetrate an aircraft’s hull or continue through the cabin of a crowded 
commercial airliner. 

The air marshal program was informally started in 1963 when President 
Kennedy ordered the federal government to deploy LEOs to act as security offi- 
cers on certain flights. The program was formalized in the early 1970s as the Sky 
Marshal Program, a name that was later changed to FAM Program. By the 1980s, 
there had not been a significant hijacking in the United States for many years, 
and the number of air marshals was reduced. By the 1990s, the air marshals were 
primarily used on international flights. On 9/11, there were only 33 FAA employ- 
ees serving as air marshals. 

The ATSA 2001 legislation called for the revitalization of the air marshal 
program. The actual number of air marshals is classified, but estimates put the 
number into the thousands. Although there still are not nearly enough to be on 
every US flight, their presence can act as deterrence as they operate undercover. 
Not all passengers are aware if an air marshal is on a particular flight. 

FAMs must meet the highest firearm standards of any federal agency. They 
train on aircraft donated by the airlines. Airline personnel also train FAMs on 
basic aircraft operations, such as how to open the doors and flight deck familiari- 
zation. When FAMs are not flying, they are usually training and honing their 
instincts to take immediate action to protect an aircraft. These instincts were used 
when a distraught man in Miami was shot and killed by the onboard FAMs when 
he threatened to blow up the aircraft. FAMs have a unique operating environment 
and must be prepared to handle a variety of in-flight situations without the oppor- 
tunity for backup. FAMs always work in numbers greater than one. They know 
that for an aircraft in flight, backup from other law enforcement agencies will not 
occur until the aircraft lands. 

FAMs are assigned to certain high-risk flights based on a variety of intelli- 
gence information and other classified factors. Their assignments are coordinated 
out of the TSOC. Although there are not enough FAMs to be onboard every 
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flight, TSOC helps create a force multiplier with other federal agencies.'* Every 
day throughout the United States, hundreds of federal agents also travel by com- 
mercial airlines as part of other duties or missions. TSOC keeps track of agents 
from other federal agencies and can make FAM flight assignments based on this 
information. Dave Adams, of the Director’s Office of FAMs, described this pro- 
cess by stating, “For example, if we know there are already several secret service 
agents on a flight going somewhere for other duties, then we can make better 
decisions about how many air marshals are needed on that flight, if any” 
(D. Adams, personal communication, 2006). 

Although other federal agents have not been trained in the specifics of 
in-flight defense tactics, they do represent additional law enforcement presence 
on an aircraft. All federal agents are authorized to carry firearms onboard an air- 
craft at all times, regardless of whether they are traveling for business or pleasure. 
The same is not true of state and local police officers. 

FAMs perform a variety of other duties including surveillance at airports. 
Using their issued personal digital assistants, air marshals with wireless Internet 
access can send messages to the TSOC regarding suspicious individuals and 
receive photos and information from the TSOC on developing situations and new 
intelligence. FAMs are represented on the local JITTF and participate in local 
“surge” initiatives for airports and other transportation modalities. FAMs receive 
additional support from the Tactical Intelligence Branch of the TSA, which moni- 
tors and analyzes terrorist trends (D. Adams, personal communication, 2006). 


SPECIAL PROGRAMS 


The TSA also sponsors two programs directed at crew member self-defense, the 
FFDO Program and the Crew Member Self-Defense Program. Under the FFDO 
program, eligible flight crew members are authorized by TSA to use firearms to 
defend against acts of criminal violence or air piracy attempting to gain control of 
an aircraft. A flight crew member may be a pilot, flight engineer, or navigator 
assigned to the flight or cargo pilot. 

FFDOs are trained by the FAM Service on the use of firearms, use of force, 
legal issues, defensive tactics, the psychology of survival, and program standard 
operating procedures. FFDOs are not paid for their duties as an FFDO. The 
FFDO program is covered more extensively in Chapter 8, Commercial Aviation 
Aircraft Operator Security. 

The Crew Member Self-Defense Training (CMSDT) Program is available to 
all actively employed or temporarily furloughed US carrier crew members. The 
program teaches basic self-defense tactics that can be executed in the confines 
of an aircraft cockpit or cabin, and additional techniques to use “on the street.” 





184 force multiplier is an increase in the strength or effectiveness of an entity. In the case of 
FAMs, knowing on which flights other federal agents are also flying allows the FAMs to cover 
more flights. 
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The additional training is useful as crew members travel extensively to a wide 
variety of destinations and may need to protect themselves against attack. 
CMSDT is provided at no cost and crew members are welcome to attend the 
training as often as desired. 


FEDERAL BUREAU OF INVESTIGATION 


A critical role of the FBI, post-9/11, is to protect and defend the United States 
against terrorist and foreign intelligence threats. Each FBI office with an airport 
within its geographic jurisdiction has an agent assigned to handle aviation secu- 
rity. This agent is responsible for disseminating information to local airport and 
aircraft operators and law enforcement that may not have come through the FSD 
information channels. The agent also serves on the airport’s security consortium 
and is the liaison to commercial service and GA airports. 

The FBI is called whenever there is destruction of a commercial aircraft. It is 
assumed that this is a terrorist or criminal act until determined otherwise. The 
FBI has been involved in several high-profile aviation incidents including the 
bombing of Pan Am Flight 103 over Lockerbie, Scotland, and the destruction of 
TWA Flight 800 (Holden, 2005). The FBI was part of the investigation into the 
cause of the accident, with the National Transportation Safety Board, until it was 
determined that the cause was unlikely to be a terrorist bomb or other type of 
attack. 

The FBI has an extensive history of involvement in domestic and international 
terrorist actions. When there is a terrorist incident overseas, even if US citizens 
are not involved, the FBI will often send agents to assist with the investigation 
and learn more about terrorist operational methods. After 9/11, the FBI sent spe- 
cial agents to interview more than 3000 crop duster owners and operators regard- 
ing the potential use of agricultural aircraft for terrorist purposes. 

The FBI’s Civil Aviation Security Program provides key investigative 
resources to 56 FBI field offices including aerial surveillance and photography. 
The program also includes transportation of critical personnel, equipment, and 
evidence in crisis situations (eg, hijackings and airport incidents) (FBI, 2006). 

All TSA security—regulated airports have at least one FBI airport liaison agent 
(ALA) assigned to it for investigative purposes, and larger airports have slightly 
larger contingents. An ALA is the point-of-contact for the airport and aircraft 
operator security personnel to the FBI. The ALA investigates violations of federal 
criminal laws at airports, provides security intelligence and training to members 
of the airport community including local police, and speaks at airline ground 
security coordinator classes. 

During security incidents at airports or on aircraft under the jurisdiction of the 
United States, the FBI has jurisdictional authority—not the TSA. Local law 
enforcement has authority until the FBI arrives and takes over primary responsi- 
bility for incident command. The FBI “special jurisdiction” onboard aircraft 
begins the moment all doors are closed after boarding and ends when they are 
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reopened. If the aircraft is still on the physical ground and the doors are closed 
the FBI has concurrent jurisdiction with the local police. While in flight, in the 
actual air, only the FBI has jurisdiction. The FBI investigates federal crimes on 
aircraft including: 


Air piracy or hijacking 

Interference with flight crew and federal screeners 

Crimes aboard aircraft 

Destruction of aircraft 

Loaded weapons in checked baggage 

Weapons at checkpoints 

Bomb threats (often handled by the local police) 

Interstate transportation of stolen property 

Falsification of records (FAA regulates A/C, maintenance, pilot records; 
typically the FBI gets involved after an accident or incident regarding a 
logbook or other falsification) 

10. All terrorism matters 

11. Accident/crash investigations 


HON Og’RPWN> 


The FBI also investigates a fair number of nonviolent cases, such as theft of 
electronics on an aircraft. Because they take place underneath the FBI’s special 
jurisdiction, they are investigated as a federal crime. 

Airport and aircraft operators should be familiar with the following resources 
that the FBI can bring to an incident: 


1. JTTF. The link between the FBI and state and local LEOs. A specific JTTF 
exists for every major metropolitan city. They are staffed with FBI special 
agents, other federal agents, state and local LEOs, and first responders (Holden, 
2005). ASCs should be familiar with their local JTTF to access the latest threat 
and response information. Connected to JTTF is the National Joint Terrorism 
Task Force (NJTTF), based in Washington, DC. NJTTF is the fusion point for 
intelligence acquired about counterterrorism operations (Holden, 2005). 

2. Critical Incident Response Group (CIRG). A team of 100—150 special agents 
and other personnel able to respond to high-profile events such as the 
Olympics, the World Economic Summit of the Eight, terrorist acts, major 
crimes, or natural disasters. The local FBI office contacts FBI headquarters for 
CIRG assistance. Resources consisting of crisis negotiators, behavioral 
analysts, computer specialists, and others back the CIRG. Depending on the 
nature of the incident, the CIRG can establish an incident command post in as 
little as 2 hours (Holden, 2005). 

3. Crisis Negotiations Unit. This unit is responsible for hostage negotiations and 
are notified if there is a hijacking or a hostage situation at an airport or 
involving aviation. 

4. George Bush Strategic Information Operations Center (SIOC). A central crisis 
management and special-event monitoring center supporting major cases, 
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tactical operations, and exercises. The SIOC maintains a 24/7 watch operation 
observing terrorists and terrorist-related activities throughout the world. The 
SIOC also conducts analysis of potential terrorist activity and sends updates to 
agents in the field (Holden, 2005). It is likely that much of the intelligence 
information related to threats against aviation or transportation is generated at 
the SIOC. 

5. Hostage Rescue Team (HRT). A special counterterrorist unit responding to 
terrorist incidents in the United States. The HRT provides a tactical option to 
a hostage or hijacking situation. However, its members are not US military 
operatives, meaning they are able to make arrests, testify in court, and must 
operate within the confines of the US Constitution. In contrast, the US Army’s 
Delta Force or the US Navy’s Seal Team Six, both charged with duties of 
responding to hijackings and hostage takings, normally operate outside of the 
United States. Military operations within the United States are restricted under 
the Posse Comitatus Act of 1878.'° 

6. The FBI can bring additional resources in the form of special agents, a 
nationwide network of international liaison contacts, the FBI laboratory and 
disaster teams, evidence response teams, special agent bomb technicians, 
hazardous material and WMD specialists, technical agents, electronics experts, 
computer analysis response team, personnel electronics technicians, and 
victim witness coordinators. Agents also work with specific airlines to provide 
airline resources and information as needed. 


Another capability of the FBI related to airport and aircraft operator security 
is the Terrorist Information System (TIS). TIS is an online database with the 
names of 300,000+ individuals and 3000 organizations of interest. The FBI is 
also responsible for the investigation of crimes against interstate property, which 
brings air cargo into the purview of the FBI that may be conducting active inves- 
tigations of personnel in an airport. 

What should airport authorities do when the FBI arrives at an airport in 
response to a security incident? This is an important question for airport operators 
and ASCs to address, because the FBI’s presence creates a significant impact on 
airlines and passengers. Although it is not the purpose of this text to go into the 
specific tactics of the FBI, airport and aircraft operators can significantly assist 
the FBI in their response by understanding a few basic operational considerations 
(Price, 2006). The FBI will need to take the following steps: 


1. Access resources such as secure meeting rooms, secure phone lines, data 
links, CCTV access, and other resources normally associated with an incident 
command center (ICC). 

2. Likely have a few agents at the airport ICC to act as liaisons; however, the 
FBI prefers to coordinate much of their activities from another location to 





Posse Comitatus Act (18 USC 1385). This law enables the use of US military forces to “execute 
the laws” except where expressly authorized by the Constitution or Congress. 
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maintain operational security. This strategy depends on the working 
relationship between the airport’s law enforcement agencies and other federal 
agencies such as the TSA, the FBI, and the security of the airport’s ICC. 
Airport ICCs without tight controls on access are likely to be shut out of 
information coming in from other agencies because of the potential 
compromise of operational security. Although this may be a perceived 
hindrance to the effectiveness of the airport’s incident command system, law 
enforcement agencies may feel it is an effective trade-off to maintain 
operational security. 

3. Arrange for a separate room to conduct hostage negotiations, if such a 
situation exists. 

4. Arrange for staging areas for their tactical response teams; escorts by airport 
operations or LEOs to move around the airfield; equipment such as air stairs, 
aircraft tugs, and fuel trucks; and access to the air traffic control tower and/or 
other air traffic control facilities. 


CUSTOMS, IMMIGRATIONS, AND AGRICULTURAL 
ENFORCEMENT AGENCIES 


With the creation of the DHS, the Customs Service, INS, and other related agen- 
cies were reorganized (as related to airport operations) into ICE and CPB. ICE is 
the investigations arm of the DHS; CPB combines elements of the former inspec- 
tion arms of US Customs and US Immigration, along with Animal and Plant 
Health Inspection and the former US Border Patrol. Formerly, the Customs 
Service managed the INS and the Department of Agriculture was responsible for 
overseeing foods, plants, and animals brought into the United States. 

CPB personnel staff customs and immigration checkpoints, watching as pas- 
sengers and their belongings arrive in the United States, checking immigration 
and citizenship documents, and inspecting the persons and baggage of suspicious 
travelers. CPB staff also conduct animal and plant health inspections. ICE person- 
nel are less in the public view, often in charge of investigations of personnel 
working at an airport who may be involved in illegal smuggling, or of passengers 
using aviation as a transit point to conduct illegal activities such as smuggling. 
CPB personnel manage the Advance Passenger Information System, which 
requires aircraft operators to submit passenger manifests and other information 
that is subsequently checked by CPB personnel. 

GA airport operators, particularly those along the US borders, may also 
encounter CPB or ICE personnel. Some GA airports host their own CPB offices 
to facilitate business travelers arriving on corporate or private aircraft from out- 
side the United States. GA airports are sometimes used as launch or recovery 
points for smuggling illicit goods and human cargo, so ICE (investigative) or 
CPB (active inspection and interdiction) personnel may be involved in operations 
at such airports. A relatively new phenomenon has drug smugglers using 
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ultralight aircraft and landing at small airports or in open fields to deliver illegal 
narcotics to the United States. Unmanned aerial vehicles are also used to patrol 
the US border and certain offshore areas and may operate from civilian airports. 

CPB and ICE agents should be included in an airport’s emergency incident 
plans. Airport operators must understand that the area where CPB personnel oper- 
ate represents the border to the United States, thereby increasing security aware- 
ness and protections for those areas. 


OTHER FEDERAL AGENCIES 


Airport and aircraft security personnel may encounter a number of individuals 
from a variety of federal agencies, including the US Secret Service, the Drug 
Enforcement Administration (DEA), the US Marshal Service (USMS), and the 
Diplomatic Security Service. The US Secret Service, charged with the protection 
of the president and certain other dignitaries, requires special handling when Air 
Force One, Air Force Two, Marine One, or other aircraft under their protection 
arrive at an airport. Advanced teams will arrive weeks ahead to coordinate aircraft 
parking and site security for an event. Airport personnel can expect that access to 
the aircraft will be highly restricted; flight operations are shut down while the air- 
craft arrive and depart, and often detours are established on the airfield for other 
taxiing aircraft and ground vehicles. 

The USMS conducts several significant missions that occasionally involve air- 
ports and airlines. The apprehension of fugitives, the protection of federal wit- 
nesses, the protection of federal judges, and the transportation of federal criminals 
are the primary missions of marshals. Marshals may track and arrest fugitives on 
airport property or conduct investigations on passengers or employees at an air- 
port. Prisoners are frequently transported both on commercial aircraft and on air- 
craft owned by the USMS through an operation known as the Justice Prisoner and 
Alien Transportation System (JPATS).”? JPATS flights facilitate the transfer of 
approximately 175,000 federal prisoners and some 3000 other state and military 
prisoners from various prisons and jails every year. When an airport is used for a 
JPATS flight, the USMS requires a location on the airport to conduct the transfer 
as it is too dangerous and complicated to conduct transfers in the concourse and 
sterile areas. The selected site must have adequate space and pavement loading to 
handle the size and weight of the JPATS plane. JPATS operations use various 
types of aircraft, from small corporate aircraft to the Boeing 737. The transfer site 
must allow marshals to provide security during the transfer. In some transfers, 
only a few USMS vehicles may be needed, whereas others require several busses 
of prisoners to be transferred. 

USMS pilots work with air traffic controllers to keep aircraft from taxiing too 
close to the prisoner transfer operation. Airport operations and law enforcement 
personnel are usually called on to escort USMS personnel to and from the 
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aircraft.” The DEA conducts frequent investigations on the transshipment of nar- 
cotics and narcotic traffickers using commercial and GA aircraft. The DEA also 
has an aviation division and may establish a base of operations at a hangar, often 
at a GA airport. DEA special agents work frequently with aircraft operator secu- 
rity coordinators on investigations where illicit drugs are being transported on 
commercial aircraft. 

DEA agents conduct surveillance operations at GA airports because drug traf- 
fickers often use GA airports. Flight schools are sometimes used as recruiting 
grounds for drug traffickers looking for pilots. Airport operators must understand 
the secretive nature of such investigations and assist the DEA and other federal 
agencies in maintaining confidentiality. 


STATE AERONAUTICAL AGENCIES 


State aeronautical agencies exist in all 50 US states. Often, the aeronautics agency 
is a subdepartment of each state’s transportation department or division. State 
aeronautics agencies may serve in an advisory or regulatory capacity over the air- 
ports within their state and often have a role in advising or distributing financial 
grants to airport operators. 

Each state aeronautical agency varies in organization structure and has various 
levels of power and influence over the operation and management of the state’s 
airports. For example, Florida has approximately $129.90 million (fiscal year 
2010) in annual state funding that is available to airports. That is in addition to 
the funding Florida airports receive from the federal government. By contrast, 
Colorado has approximately $20 million (fiscal year 2012) a year budgeted to air- 
ports. In both cases, each state has significant input over what federal monies an 
airport will receive through their agreements and relationships with the FAA’s 
airport district office. 

State aeronautical (or aviation) agencies provide other services for airports 
and pilots including the formulation of state aviation systems plans, installation of 
weather reporting facilities, and other improvements. In New York, the state’s 
aeronautical agency published GA airport security guidelines. In other states, the 
aeronautical agencies are involved in legislation regarding airport security. These 
policies may sometimes infringe on the powers of the federal government to regu- 
late air commerce. In 2002, a review of the web site of the National Conference 
of State Legislators (NCSL) showed 31 separate state bills that would add to the 
federal aviation security requirements in the areas of flight school operations, air- 
port security regulations, and airport personnel and law enforcement, including 
one bill that would make flight school training to non-US citizens unlawful 





71Other local law enforcement agencies may also conduct prisoner transfers, which should be 
coordinated with the airport security and airport law enforcement personnel ahead of time. The 
carriage of weapons through the screening checkpoint and regulations regarding prisoner escorts on 
commercial aircraft are covered elsewhere in this text. 
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(NCSL, 2002). Many of the bills that have been sponsored since then were with- 
drawn, died in committee, or were never enacted because of conflict with the fed- 
eral government’s right to regulate the aviation industry. A few state measures 
did survive, particularly in the areas of GA security. Several states have also 
adopted the TSA’s GA airport security guidance (TSA document A-001) as law 
for GA airports within their state. Most state aeronautical agencies participate at 
some level in the annual capital improvement funding of airports and, therefore, 
participate in deciding what monies are used for aviation security purposes. 


LOCAL LAW ENFORCEMENT 


Local law enforcement agencies also receive and sometimes develop their own 
intelligence information. Some police departments like the New York and Los 
Angeles police forces have their own intelligence-gathering branches with person- 
nel actively involved in intelligence gathering. Where local law enforcement 
agencies do not have these resources, they still have access to a wider intelligence 
network than an airport or aircraft operator. These local agencies can disseminate 
information to airport and airline operators and other federal agencies. Smaller 
commercial service and GA airports may not have the large and active law 
enforcement agencies of larger commercial service airports, but that does not 
diminish the possibility that a smaller airport may be considered a target of oppor- 
tunity by criminals or terrorists and should not be ignored by security agencies. 

State and local law enforcement can sometimes be of greater assistance to air- 
port and aircraft operators than federal agencies, as local law enforcement has a 
smaller purview and a more active interest in activities that directly affect the 
local community. Additionally, criminal activities and terrorist plots can be 
planned surreptitiously in rural parts of the country and in major metropolitan 
cities. The development of local intelligence and the sharing of that intelligence 
through the FBI’s JTTF are important to the overall security of the community 
and the airports and airlines that serve it. 

Investigations and arrests of individuals suspected to be engaged in terrorist or 
criminal activities can provide additional information contributing to antiterrorist 
efforts. For example, a local theft of a large amount of fertilizer may be larceny 
or it could be part of a terrorist plot to bomb the airport. Information of this 
nature may be actionable intelligence once it is brought up to other agencies 
including airport and aircraft operators. It is up to the agency making the arrest to 
investigate these possibilities and make the information known to state and fed- 
eral law enforcement agencies and, when applicable, to local airport and airline 
operators. The individual arrested for the crime may provide information as to 
what his or her intent was in using the stolen substance. Other intelligence reports 
may also be able to shed light on similar thefts or intelligence information indi- 
cating that terrorists are actively plotting to attack a target using a fertilizer-based 
improvised explosive device. The 9/11 Commission was critical of the inability of 
government agencies to share intelligence information with one another. 


Domestic and Regional Aviation Security 


REQUIRED LAW ENFORCEMENT SUPPORT FOR COMMERCIAL 
SERVICE AIRPORTS 


Under US Regulation Title 49 CFR Parts 1542.215 and 1542.217 Law 
Enforcement Personnel and Support, commercial service airports are required to 
maintain either a law enforcement presence or the ability for law enforcement 
personnel to respond in the case of a security incident. The exact number of 
LEOs is determined on a case-by-case basis at each airport. Smaller commercial 
service airports will likely have fewer LEO requirements because of the smaller 
number of flights. Airports with limited LEO requirements may only have a 
response time for LEOs to arrive on scene instead of officers actually assigned to 
the airport. The exact response times are considered SSI. At larger commercial 
service airports, numerous LEOs are often required both to be available to 
respond to incidents and to be able to patrol the landside and airside operational 
areas. Specifically, LEOs must be able to respond to incidents at the screening 
checkpoints and to any location on the airport where an aircraft incident is taking 
place. At the largest commercial service airports, an LEO is often required to be 
present at the screening checkpoint anytime the checkpoint is in operation. 

LEO presence at screening checkpoints is thought to deter potential criminal 
or terrorist activity. Much of the theft at an airport occurs at the screening check- 
points when travelers have to give up control of their personal belongings for 
screening. LEO presence is also designed to make criminals or terrorists nervous 
as they know the police are directly observing them. Overall, screening personnel 
are less subject to verbal abuse or upset passengers when police are present. If a 
screener detects a weapon or an explosive on either a passenger or the passenger’s 
carry-on baggage, the police are available instantly to respond. 

Airports must also have enough LEO personnel either on duty or available to 
respond to foreseeable incidents, normally included in the contingencies section 
of the ASP. The total number of LEOs required at a particular commercial service 
airport is stated in the ASP. The minimum law enforcement requirements for 
LEOs with airport responsibilities are as follows: 


1. Have arrest authority with or without a warrant while on duty at the airport 
for crimes committed in the presence of the LEO and for felonies the LEO 
has reason to believe that the suspect committed. 

2. Are identifiable by appropriate indicia of authority (uniforms, badges). 

3. Are armed with a firearm and authorized to use it. 

4. Have completed a training program that meets the requirements for LEOs 
prescribed by either the state or local jurisdiction in which the airport is 
located. 

5. Airports are required to maintain LEO training records until 180 days after the 
departure of that particular LEO from the airport.” 





?? Airports may also use privatized law enforcement personnel provided they meet these standards. 


e E 
199 


200 CHAPTER 4 The role of government in aviation security 


Shortly after 9/11, the National Guard was called out to the nation’s airports. 
The National Guard does not normally have arrest authority unless martial law 
has been declared, which it had not. The presence of the National Guard was a 
response by the government to help get the public flying again and to protect air- 
port infrastructure from imminent attack until intelligence could be developed to 
determine if another attack on aviation was pending. The National Guard is an 
integral part of protecting the nation’s infrastructure, including airports. Airport 
operators may consider conducting exercises and training that include National 
Guard forces to acclimate them to the airport environment. 

Under US Regulation Title 49 CFR Part 1542.219, when an airport operator 
cannot meet the minimum law enforcement staffing levels for their commercial 
service airport, the operator can request the TSA to authorize staffing from either 
the TSA or another federal or authorized agency. The factors taken into consider- 
ation are the number of passengers enplaned at the airport during the preceding 
calendar year and the current calendar year as of the date of the request; the antic- 
ipated risk of criminal violence, sabotage, aircraft piracy, and other unlawful 
interference to civil aviation operations; and the availability of law enforcement 
personnel who meet the requirements of Part 1542.217. 

The TSA also requires airport operators to maintain security-related records 
for at least 180 days. However, many municipalities, airport authorities, and cor- 
porations have record retention schedules that far exceed the requirement. 
Aviation security practitioners should check with their governing agency to deter- 
mine the exact requirements for their operation. The specific records that must be 
retained include bomb threats and actual incidents of weapons and explosives 
found within the airport and at screening checkpoints, attempted acts of air piracy 
(hijackings), and individuals arrested at the airport. 


CONCLUSIONS 


Identifying and understanding structures inherent to government and aviation 
security can be problematic because of flexibility and variations in the mission of 
each related government agency, the relationships between those being regulated 
and the regulating agencies, and the diverse nature of aviation systems in the 
United States and other nations. In this chapter, we identified and explored avia- 
tion security concerns related to various US government agencies such as the 
DHS, the TSA, and the FBI. 

The transition of responsibility from the FAA to the TSA for managing avia- 
tion security within the United States continues to have important ramifications 
for aviation security practitioners. The TSA routinely issues TSRs affecting the 
national aviation system. TSRs and amendments to TSRs can affect systems such 
as access control, badging, security area boundaries, personnel changes, and inci- 
dent management procedures. 


Conclusions 


To effectively plan and manage aviation security systems, practitioners must 
always have a current understanding of the role of government in aviation secu- 
rity. In addition, aviation security practitioners should become students of terrorist 
practices and strategies, be aware of local and world events, and understand cur- 
rent motives and methods of terrorist operations. Therefore, practitioners and gov- 
ernment agencies must work together to find effective ways to disseminate 
information and knowledge related to aviation security. New consortiums of sta- 
keholders to aviation security should meet regularly to develop strategies for the 
mitigation of and preparation against new threats to aviation security. In addition 
to regulatory responsibilities, government should help aviation practitioners reach 
these goals. 





WHY | DESIRE AVIATION SECURITY AS A PROFESSION 


Kyle Konishi 


When I first started out in the aviation program at Metropolitan State University of Denver, 
everyone expected that I would want to be a pilot. Oddly enough, I thought I did too for a year 
and a half. Then one class changed my entire perspective of my career planning, and how I 
viewed that I could actually make a difference in aviation! In my junior year, I took an Aviation 
Security class, and this class showed me how Aviation Security plays a big role in protecting our 
world’s aircraft, airports, and our global society from potential terrorist attacks and other threats. 

We have learned from history that airports and aircraft can become a significant target for a 
terrorist attack, and we have seen what those attacks can do to negatively affect our world’s 
socioeconomic and geopolitical settings. That is why we need more professionals, strategies, and 
systems to help us figure out ways to make it harder for terrorists to target our aircraft and 
airports or to essentially give them the understanding that it is too hard to try implementing a 
threat. Finding ways to make them reason that they have no chance of succeeding, and being able 
to protect millions of travelers, as well as airport and airline employees, provides me the drive to 
become a career professional in the Aviation Security world. 

When I learned that I could potentially help to protect my friends and coworkers in the 
aviation industry from another terrorist attack, I wanted to learn more about what I could do to 
make a difference and learn about positions I could be in to help make airports safer. For 
instance, there are programs from AOPA for GA pilots to become more aware of suspicious 
activity or if an aircraft is being used for unsafe or illegal purposes. In addition to the AOPA, the 
security specialist can also report these types of activities to local state agencies, such as the 
CIAC (for example). 

I have also discovered that there are plenty of options to gain a security internship for many 
airports or federal agency that help keep planes safe in the air and on the ground. DIA and LAX 
are two examples of airports that utilize interns for developing innovative security actions. 
Examples of first-hand learning in Aviation security internships include studying how LAX 
learned from their first active shooter situation and were more prepared to deal with the second 
one that happened not too long ago. DIA has also shown that they are willing to create new layers 
for security and test out the latest technologies to keep passengers and employees safe—this is 
especially challenging since DIA is a “city within a city.” 

What I love about the community of Aviation Security is that airport administrators and 
security specialists from all around the world often meet to share best practices and develop 
improved security practices. For example, the Director of Security at DIA addressed concerns 
over a new passenger train that now goes directly into the landside of DIA’s terminal. At a recent 
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workshop, managers at other airports that have trains coming or getting close to the airport 
perimeter shared information on how they handled security issues with their train system. The 
whole security community is one enormous community of practice—sharing the “good and the 
bad” as related to security processes, technologies, and policies. 

The Aviation Security world is such a highly complex systems-of-systems! It is being taken 
care of by the best security professionals in the United States in order to help ensure that air 
commerce succeeds, and that public can travel safely at will. I want to become part of that national 
security team and its legacy of protecting our passengers and employees from whatever creates the 
next threat—whether it be a terrorist attack or a passenger making the mistake of mixing drugs, 
alcohol and altitude! I want to help join the professionals in Aviation Security that continuously 
study, practice, and research ways to make air transportation safe throughout the world! 
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OBJECTIVES 


This chapter explores the more practical and routine responsibilities of airport 
operators and government personnel in managing airport security. Included is a 
discussion of the requirements and applications of the Airport Security Program, 
the role of the Airport Security Coordinator, the general layout and requirements 
of the Security Area, the function of the Physical Access Control System, the 
credentialing process, and incident response requirements. Security threats and 
challenges between the landside, terminal, and public and nonpublic areas of an 
airport are analyzed, and perimeter security requirements are discussed. 
Applications for using secured areas, security identification display areas, and air 
operations areas to differentiate various levels of security are also presented. 


INTRODUCTION 


The business of securing a commercial airport is a shared responsibility between 
the airport operator, the air carriers and tenants, and the Transportation Security 
Administration (TSA). Before 9/11, nearly every aspect of airport security was 
the responsibility of the airport operator with the exception of passenger screening 
(an air carrier responsibility). The Federal Aviation Administration (FAA) over- 
saw both airport and airlines compliance with aviation security regulations. Since 
9/11, the boundaries for aviation security responsibilities among various regula- 
tors and entities have become increasingly blurred. The TSA is clearly in charge 
of screening and overall regulatory compliance; however, as specified in Title 49 
CFR Part 1542, the responsibility for most other aspects of airport security 
remains with airport operators. 

An additional challenge to the airport industry is that the TSA continues to 
migrate into many areas of what has traditionally been the responsibility of the 
airport operator. For example, the TSA has created the Behavior Detection 
Officer Program and hired transportation security specialists for explosives (for- 
merly known as bomb appraisal officers), along with civilian K-9 officers, 
deployable law enforcement personnel, and visible intermodal protection and 
response teams—performing many of the same functions previously (and still) 
performed by airport police and security personnel. The TSA has also taken over 


Practical Aviation Security. DOI: http://dx.doi.org/10.1016/B978-0-12-804293-9.00005-9 
© 2016 Elsevier Inc. All rights reserved. 


205 





ee 
206 


CHAPTER 5 Commercial aviation airport security 


the travel document check process and has previously experimented with deploy- 
ing a form of broadcast millimeter wave imaging technologies throughout the 
public areas of a terminal building.’ Most recently, the TSA has started to deploy 
K-9s that are specially trained to detect vapors of explosive elements in passenger 
areas (versus the traditional K-9 explosive detection team, which always focused 
on stationary objects). While some in the industry have viewed the TSA’s 
expanding role as mission creep, other Airport Security Coordinators (ASCs) are 
determined to either see how the additional resources can enhance security or at 
least de-conflict overlapping responsibilities to the extent possible. 

Under Part 1542, airport operators assume certain security responsibilities. 
These include appointing an ASC who is responsible for drafting, implementing, 
and enforcing the Airport Security Program (ASP), managing physical access 
control to protect the security areas of the airport, and the credentialing required 
for any employee requiring an airport access/identification media (ID badge). 
These also include ensuring the airport meets its law enforcement response require- 
ments and developing airports’ contingency and incident management measures. 


CHALLENGE OF COMMERCIAL AIRPORT SECURITY IN THE 
UNITED STATES 


Fundamentally, airport security focuses on protecting the airfield and aircraft 
through limiting access by the general public and aviation employees, while still 
allowing those passengers and employees to efficiently move through the facility. 
Through leases and operational requirements, agencies such as the TSA, US 
Customs and Border Protection (CBP), and domestic and foreign air carriers con- 
trol many areas of an airport facility, further complicating the airport operator’s 
ability to secure the facility. The expanding and changing authorities of the TSA 
also present challenges to airport operators, such as changing oversight responsi- 
bilities for a particular area of an airport depending on the time of day or staffing 
requirements. For example, in 2006, the TSA determined that the screening 
checkpoint exit lanes’ were the responsibility of the airport operator—sometimes. 
Some in the airport community accused the TSA of trying to fix its own budget 
and staffing challenges under the guise of shifting security. This led the TSA to 
modify its decision to add criteria as to when the exit lanes would be the respon- 
sibility of the airport and when they would be the TSA’s responsibility. 

Publicly, airport security is a team effort, with many individuals and organiza- 
tions focusing on the objective of protecting the airport system and related infra- 
structure. The Government Accountability Office (GAO) summarized the role of 





In light of the attack on the Brussels airport in 2016, these types of area scanning technologies 
may be returning. 
?The area where inbound passengers exit the sterile area of an airport to the public area. 
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the government and local airport operators in the following April 2006 report 
describing the TSA’s progress in protecting airports: ATSA (Aviation and 
Transportation Security Act of 2001) also granted TSA the responsibility for over- 
seeing US airport operators’ efforts to maintain and improve the security of com- 
mercial airport perimeters, access controls, and airport workers. While airport 
operators, not TSA, retain direct day-to-day operational responsibilities for these 
areas of security, ATSA directs TSA to improve the security of airport perimeters 
and the physical access controls leading to secured airport areas, as well as take 
measures to reduce the security risks posed by airport workers. Each airport’s 
security program, which must be approved by TSA, outlines the security policies, 
procedures, and systems the airport intends to use in order to comply with TSA 
security requirements. Federal security directors (FSDs) oversee the implementa- 
tion of the security requirements at airports (Government Accountability Office, 
2006, p. 7). 

Although the TSA provides regulatory oversight over airport security 
practices, it is the airport operator who must develop and implement prescribed 
security practices. A misunderstanding resulting from this is that many in the 
public eye view the FSD, who is employed by the TSA, as being “in charge” of 
security at commercial service airports, but FSDs (and their designated assistants 
or deputies) have few deployable personnel to intervene during an incident or to 
carry-out airport-related security responsibilities. 

With respect to an airport, the TSA clarifies the application of transportation 
security regulations (TSRs) and provides guidance on complying with the policies 
set forth by the TSA. The TSA (through the FSD, assistant, or deputy) provides 
guidance on systems, methods, and procedures by which airport and aircraft 
operators may comply with regulations and security directives (SDs), and 
approves the ASP. However, the airport operator conducts actual hands-on 
security functions, such as access control to the airfield, management of the phys- 
ical access control system (PACS), issuance of airport identification media, law 
enforcement and security patrol, and response to emergencies. Title 49 CFR Part 
1542 addresses airport security—this section discusses the regulatory responsibili- 
ties and practical applications of airport operators, notwithstanding changing TSA 
authority and direction. 





AIRPORT SECURITY COORDINATOR 


An ASC is one of the most important people within the airport security system. 
The position of ASC was originally created in 1991, under Title 14 CFR Part 
107.29 (formerly called “FAR Part 107.29”), which specified that the airport must 
specify at least one employee to ensure a consistent application of the aviation 
security regulations. Prior to 9/11, this was many times a collateral duty of an air- 
port manager or one of their assistants. However, at large, commercial service 
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airports, particularly after 9/11, the role of ASC has expanded, and today it is an 
entire career field. ASCs are the primary point of contact for the TSA and must 
maintain a high level of awareness of aviation security policy and procedures, 
along with an awareness of the changing threats to aviation and developing tech- 
nologies and procedures to defeat or mitigate the threats. The specific require- 
ments of the ASC are described under 1542.3 (specific requirements in italics): 


1. Serve as the airport operator’s primary and immediate contact for security- 
related activities and communications with TSA. ASCs may perform other 
duties other than ASC, which is often the case at smaller commercial service 
airports. 

2. Is available to TSA on a 24-hour basis. ASC’s often appoint assistant or 
associate ASCs so that the 24/7 requirement can be maintained. 

3. Review with sufficient frequency all security-related functions to ensure that 
all are effective and in compliance with this part, its security program, and 
applicable SDs. 

4. Immediately initiate corrective action for any instance of noncompliance with 
this part, its security program, and applicable SDs. 

5. Review and control the results of employment history, verification, and 
criminal history records checks required by 1542.209. 

6. Serve as the contact to receive notification from individuals applying for 
unescorted access of their intent to seek correction of their criminal history 
record with the FBI? 


The ASC must draft and enforce the provisions of the ASP, implement poli- 
cies set forth by SDs, and oversee credentialing and access control. The ASC is 
the primary liaison between the FSD and other agencies with aviation security 
responsibilities. The ASC must have a comprehensive understanding of the secu- 
rity regulations and policy requirements of the TSA to carry out key 
responsibilities. 

Any ASC must be trained in curriculum areas defined in Title 49 CFR Parts 
1540, 1542, 1544, 1546, and 1548. The TSA does not approve individual ASC 
training programs. Rather, the TSA specifies that any ASC training program must 
cover the required curriculum elements. Although any ASC can train any other 
individual to be an ASC, the best practice is for the individual to attend formal 
industry training or certification courses, such as those offered by the American 
Association of Airport Executives (AAAE) or other entities with expertise. 
AAAE’s program provides a standardized curriculum with the latest industry 
trends and discussions that exceed regulatory requirements. 

Although an ASC is not required to undergo retraining unless there has been a 
2-year break in serving as an ASC, as a best practice, many ASCs choose to con- 
tinue their security education through a variety of commercially available industry 





“This duty is frequently delegated to a Trusted Agent (TA) who handles the actual paperwork 
involved with the credentialing process. 


Airport Security Program 


training programs and conferences, such as the AAAE Airport Certified 
Employee-Security course (for more information, see www.aaae.org). 

In accordance with an old FAA security amendment AP-97-01 (still in effect), 
ASCs must maintain a liaison with domestic and foreign air carriers’ station man- 
agers on security issues. ASCs routinely work with the FSD, the assistant federal 
security director (AFSD)' for screening, and the AFSD for compliance, along 
with airport operations, law enforcement personnel, and major airport tenants. 
The ASC chairs the airport security consortium.” 

Drafting and carrying out the provisions of the ASP is the ASC’s primary 
duty. ASCs must draft and enforce the ASP, including correcting any actual con- 
ditions not in compliance with the ASP. The ASC must make adjustments to the 
security program in response to TSA SDs and to changing threats to aviation, and 
write amendments to the ASP to accommodate airport tenants when construction, 
maintenance, and expansion projects are in progress, or to conduct the occasional 
emergency exercise. 

ASCs decide how to distribute the ASP and to which entities. It is then the 
ASC’s responsibility to ensure that changes to the ASP and the provisions of SDs 
are disseminated to the authorized airport parties. A significant part of the ASC’s 
duties is getting the TSA to approve the security program and then working with 
the TSA on implementing the provisions of the ASP, and address the expanding 
security roles of the TSA in the airport terminal building. 

There is often debate between the ASC and TSA personnel about what consti- 
tutes compliance with the regulations as described in the ASP. When TSA was 
first created, many TSA compliance and FSD personnel had limited airport and 
air carrier management experience, whereas many ASCs have multiple years of 
experience in either airport or air carrier operations. The TSA has recognized the 
need for a mix of backgrounds for its compliance inspectors, bringing in those 
with aviation backgrounds and those from other backgrounds, so the ranks have 
been infused with a mix of personnel over the past decade. 

Other duties of the ASC include implementing and overseeing the physical 
access control and credentialing programs, establishing the security identification 
display area (SIDA) training program, providing for law enforcement coverage, 
and responding to security contingencies and incidents. 


AIRPORT SECURITY PROGRAM 


Part 1542.101 outlines the general requirements of an ASP, specifying that only 
those airports with a TSA-approved ASP in place may conduct scheduled service 





“AFSDs are assigned to supervise areas such as screening and compliance. 

Aviation security legislation in 1996 mandated that airport operators develop an airport security 
consortium consisting of the ASC, airport law enforcement representation, FAA security represen- 
tation, and other federal, state, and local agencies with aviation security responsibilities. 


ee 
209 


210 CHAPTER 5 Commercial aviation airport security 


or large private charter operations. The ASP is the foundation for the entire air- 
port security system. It establishes the security areas and details how access to 
these areas will be controlled, defines the process for obtaining an access/ID 
badge (ie, the credentialing process), explains how the airport will comply with 
the law enforcement requirements of Title 49 CFR Part 1542 (including contin- 
gency and incident management programs), and specifies the actual practices for 
airport compliance with federal regulations. An ASP is specific to each airport, 
drafted by the ASC and approved by the TSA. 

Certain components of the ASP must be published in an airport’s rules and 
regulations, which regulate the conduct of employees and the general public at 
the airport. The sections of the ASP included in the rules and regulations (which 
are accessible by the public) result from discussion and consensus between the 
ASC and the FSD. Typical sections include procedures for new airport tenants to 
follow when setting up businesses at the airport and procedures for their person- 
nel to obtain airport access badges; the requirements for an individual to enter the 
security areas of the airport and approved identification for personnel in security 
areas; penalties for disobeying the rules and regulations related to security; a 
warning not to disclose sensitive security information (SSI), to which every avia- 
tion employee who is issued an SIDA access badge is exposed; badge and access 
key fees; methods for escorting unbadged individuals and for challenging anyone 
without the appropriate identification in security areas; the requirement to submit 
to screening and proper procedures for entering/exiting airport access gates and 
doors; contraband or weapons prohibitions in the security areas; and general con- 
duct in the security areas. 

Since Part 1542 applies to all types of commercial service airports, from 
Fairbanks, AL, to Atlanta Hartsfield-Jackson International, in Georgia, and every- 
thing in between, means that each airport is unique in physical and operational 
characteristics; therefore, the ASP functions as the regulations for each airport. 
Violating a process within an ASP carries the full weight and force as if TSRs 
had been violated, subject to civil and, in some cases, criminal penalties. 

In addition to outlining the geographical boundaries of the security areas of 
the airport and describing the various measures applied in each area, the ASP also 
describes credentialing as related to the issuance of airport access media for avia- 
tion employees and how the airport will meet the law enforcement officer require- 
ments under the security regulations. The ASP also describes how the airport will 
respond to contingencies and security incidents. 


APPLICABILITY AND TESTING 


This section covers Title 49 CFR Part 1542. Please note that the TSA regulations 
are subject to frequent change. Readers should review Title 49 CFR Part 1542 to 
ensure compliance with the current iteration of any regulation.° 





Current copies of the TSRs can be obtained at the TSA’s web site, www.tsa.gov. 
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The following interpretations of Title 49 CFR Part 1542 are derived from the 
authors’ perspectives and experiences related to defining and examining working 
agreements among airport operators and the TSA. Official TSA interpretations 
may differ and would take precedence, and readers should be aware of this 
caveat. 

Title 49 CFR Part 1542.5 gives the TSA authority to inspect commercial ser- 
vice airports for regulatory compliance. Part 1542 does not currently apply to 
general aviation (GA) airports’ if those airports conduct fewer than 2500 annual 
passenger enplanements. Part 1542 does apply to those who receive SDs and 
information circulars. However, GA airport managers receiving such information 
need not implement the applicable commercial service airport security measures. 

Part 1542.5 establishes the authority of the TSA to conduct tests or inspections 
of an airport’s security program, including the copying of records to determine if 
the airport is in compliance with federal regulations and the ASP. Airport opera- 
tor (and sometimes aircraft operator) employees may also be designated within 
the ASP to conduct system tests and inspections. This regulation allows the TSA 
to be within the security areas of an airport for the purposes of conducting tests 
and inspections, but it extends this responsibility only to the TSA compliance 
inspectors and those authorized by the TSA (typically, transportation security offi- 
cers, ie, screeners, are not allowed to conduct tests of the ASP). Part 1542.5 
pertains specifically to TSA-compliance inspection personnel including transpor- 
tation security inspectors (formerly aviation security inspectors and principal 
security inspectors) and air cargo security inspectors conducting validity and reli- 
ability tests of the security system. There have been occasions at some US air- 
ports where TSA screening and other airport and air carrier personnel, having 
neglected to wear the proper airport credentials in the security areas of an airport, 
have claimed, when caught, to be conducting a test of the security system. This is 
not valid; Part 1542.5 allows the TSA-compliance inspectors and certain other 
personnel designated by the ASP to conduct valid inspections of the airport secu- 
rity systems. Additionally, this testing privilege never extends to the media. 
Airport operators are required to issue access credentials to TSA personnel if they 
have undergone the airport’s site-specific SIDA training program. This helps 
ensure the TSA personnel are familiar with some of the unique security traits of 
the airport. 

The ASP is classified as an SSI document and must be protected from public 
dissemination (discussed in chapter: The Role of Government in Aviation 
Security). The ASP is not subject to individual state open records laws. Each 
page of the ASP must include a paragraph that notifies the reader that the con- 
tents are SSI. The exact language in the warning is obtained from the TSA. When 





7Over the past several years, the TSA has continued to develop various regulations that address GA 
flight operations and has discussed regulating GA airports. If a major terrorist attack involves 
GA airports or aircraft, regulations and lawmaking would likely mandate security measures for 
the GA industry. 
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the TSA approves an ASP, it embodies the regulatory practices for that airport 
and enforces it with the same level of authority as the TSRs. If there is a violation 
of the airport-specific ASP, the TSA may take enforcement actions against the 
airport based on a violation of the airport’s own security program. 

Part 1542.103 specifies the content of the ASP. The requirements of a particu- 
lar airport’s security program are based on a variety of factors, such as the 
number of annual enplanements; the airport’s location relative to other security- 
sensitive locations such as military bases, nuclear facilities, or centers of government; 
and other conditions usually identified through a risk management study. 

For security purposes, ASPs classify commercial service airports as Category X, 
Category I, Category II, Category III, or Category IV. Category X airports are the 
largest commercial service airports in the United States. Category I, Category II, 
and Category III airports are large-, medium-, and small-hub commercial airports, 
respectively. Category IV airports are usually nonhub or GA airports with more 
than 2500 enplanements per year. Some Category I airports, considered Category 
I based on the level of enplanements, are treated as Category X because of 
their proximity to other security-sensitive locations. Baltimore/Washington 
International Airport and Ronald Reagan National Airport are two examples. A 
smaller airport may have higher levels of security based on the geopolitical cir- 
cumstances at the time, if a civilian airport is collocated with a military base, or 
other factors as determined by the TSA. The TSA has established three levels of 
security programs: 


1. Complete security programs. Required for large-, medium-, and small-hub 
airports, these security programs are the most comprehensive and pertain to 
airports with scheduled passenger or public charter service using aircraft with 
passenger seating configurations of more than 60 seats. 

2. Supporting security programs. These security programs are required for many 
nonhub airports and pertain to airports with scheduled passenger or public 
charter service using aircraft with passenger seating configurations of fewer 
than 61 seats that enplane or deplane into any sterile area. They also pertain 
to any private charter operation that enplanes or deplanes into a sterile area. 

3. Partial security programs. These security programs are required for small 
commercial service airports with infrequent or seasonal commercial service, 
with scheduled passenger or public charter operations using aircraft with 
30—61 seats that do not enplane or deplane into a sterile area. They include 
scheduled passenger or public charter operations using aircraft with fewer 
than 61 seats that depart to, or come from, outside the United States and do 
not enplane or deplane into a sterile area. Typically, partial programs are seen 
in Alaska, and very few other locations in the United States. There are 21 
sections to the complete security program, as shown in Table 5.1 (and 
explained in detail throughout the text). Supporting security programs include 
only a few of the items required for a complete security program. 


Table 5.1 Comparison of Requirements for Complete and Supporting Security Programs 


Section 


10 


11 


12 


13 


Complete Security Program 


The name, means of contact, duties, and training requirements of the ASC 
required under Part 1542.3. 


Reserved for future regulations. 

Description of secured areas and associated descriptions of the access 
control methods and practices, access media, and perimeter signage. 
Description of AOAs with associated descriptions of the access control 
methods and practices and perimeter signage. 

Description of the SIDAs including descriptions of the boundaries of the 
SIDAs. 

Description of the sterile areas including the boundaries and access control 
measures when the screening checkpoint is not active and other methods of 
controlling access to the sterile area. 

Procedures used to comply with Part 1542.209 regarding fingerprint-based 
CHRCs. 

A description of the personnel identification systems as described in 

Part 1542.211 (access/ID badge). 

Escort procedures in accordance with Part 1542.21 1(e) relating to escorting 
personnel that do not have unescorted access authority within the SIDAs. 
Challenge procedures in accordance with Part 1542.21 1(d) outlining the 
process whereby those with unescorted access authority are to challenge 
others who are not wearing an access/ID badge in the SIDAs. 

The content of the airport’s SIDA training programs required under Parts 
1542.213 and 1542.217(c)(2). 

A description of law enforcement support used to comply with Part 
1542.215(a), specifically law enforcement personnel support requirements 
and training standards. 





A system for maintaining the records described in Part 1542.221, specifically 
security-related reports and forms such as law enforcement response to the 
screening checkpoint. 


Supporting Security Program 


The name, means of contact, duties, and training 
requirements of the ASC required under Part 
1542.3. 


Reserved for future regulations. 


A description of law enforcement support used to 
comply with Part 1542.215(a), specifically law 
enforcement personnel support requirements and 
training standards. 

A system for maintaining the records described in 
Part 1542.221, specifically security-related 
reports and forms such as law enforcement 
response to the screening checkpoint. 





(Continued) 


Table 5.1 Comparison of Requirements for Complete and Supporting Security Programs Continued 


Section 
14 


15 


16 


17 


18 


19 


20 


21 


Complete Security Program 


The procedures and a description of facilities and equipment used to 
support TSA inspection of people and property and aircraft operator or 
foreign air carrier screening requirements of Parts 1544 and 1546. 
Addresses the facilities an airport must have to accept international traffic 
that has not been screened to meet US regulatory requirements, such that 
screening may be conducted before passengers and baggage are allowed 
entry into the airport. 


A contingency plan required under Part 1542.301 specifying how the airport 
operator will comply with increased security measures. 


SSI procedures for the distribution, storage, and disposal of documented 
ASPs, SDs, information circulars, implementing instructions, and, as 
appropriate, classified information. 


Procedures for posting public advisories as specified in Part 1542.305. 
Addresses the requirement of airports to post warning notices to 
passengers who may be traveling to certain countries that the Department of 
Homeland Security (DHS) deems noncompliant with US aviation security 
standards or that the Department of State deems too dangerous for US 
citizens to travel to. 


Incident management procedures used to comply with Part 1542.307, 
including bomb threats, hijackings, and other unlawful acts of interference 
with aviation. 


Alternate security procedures, if any, that the airport operator intends to use 
in the event of natural disasters and other emergency or unusual conditions. 








Each EAA as specified in Part 1542.111 governing the security 
responsibilities of regulated parties, such as aircraft operators. 

Each ATSP as specified in Part 1542.113 governing the security 
responsibilities of airport parties not covered under Title 49 CFR Parts 1544, 
1546, or 1548. 





Supporting Security Program 


A contingency plan required under Part 1542.301 
specifying how the airport operator will comply 
with increased security measures. 


SSI procedures for the distribution, storage, and 
disposal of documented ASPs, SDs, information 
circulars, implementing instructions, and, as 
appropriate, classified information. 


Procedures for posting public advisories as 
specified in Part 1542.305. Addresses the 
requirement of airports to post warning notices to 
passengers who may be traveling to certain 
countries that the DHS deems noncompliant with 
US aviation security standards or that the 
Department of State deems too dangerous for 
US citizens to travel to. 

Incident management procedures used to comply 
with Part 1542.307, including bomb threats, 
hijackings, and other unlawful acts of interference 
with aviation. 
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FIGURE 5.1 


Salina Municipal Airport, Colorado. The airline ticket counter is at the left. The lobby/ 
waiting area is at the lower left. The screening checkpoint is at the right. The exit to the 
small sterile area is beyond the checkpoint. 





The complete ASP includes maps delineating security areas. These usually 
include charts showing the locations of airport access—controlled devices such as 
card readers and the locations of closed-circuit television (CCTV) cameras. The 
other ASPs, supporting and partial, are distinctly different in that they do not have 
a requirement to identify airfield security areas. The supporting and partial security 
programs are frequently used at small commercial service airports serving only a 
small number of enplanements per year. Supporting and partial programs are also 
used at airports that are predominantly GA in nature but host periodic commercial 
service flights and are still classified as “commercial service” by the FAA. 

In some small airports, screening checkpoints are located beside ticketing and 
gate operations (Fig. 5.1). After passengers go through the checkpoint, they exit 
into the airfield and proceed to board the aircraft. Air carrier personnel monitor 
the boarding to ensure that only passengers who have successfully cleared secu- 
rity screening board the aircraft. These airports typically have supporting or par- 
tial security programs. Supporting security programs do not have requirements for 
identifying security areas (secured area, air operations area (AOA), or SIDA). 
Therefore, there is no need for requirements related to personnel identification 
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(access media), addressing escorting individuals who do not have unescorted 
access authority, or challenging individuals not wearing access media. Partial 
security programs include all of the items in a supporting program, with the 
exception of providing contingency plans that specify how the airport operator 
will comply with increased security measures. 

Some airports with limited commercial service may be approved to have an 
alternate means of compliance (Part 1542.109) with the security program require- 
ments. This is the designated ramp observer (DRO) program and is most common at 
remote airports in Alaska. The DRO is assigned the task of overseeing the security 
of the commercial service operation for the duration of that operation. Before the 
arrival of commercial service aircraft, the DRO inspects the commercial service 
operation area for unauthorized individuals or contraband. The DRO then visually 
observes the entire commercial service operation including the arrival of the aircraft, 
debarkation and boarding, any screening, and the departure of the flight. The DRO 
cannot have other duties during this time (such as ticketing or loading baggage). 

Certain airport tenants, particularly air carriers, prefer to control most of the 
security measures within their leasehold areas. This is possible using an exclusive 
area agreement (EAA), under Part 1542.111, or an airport tenant security program 
(ATSP), under Part 1542.113. An EAA permits a regulated party, such as an air 
carrier, to take responsibility for any component of the airport’s security program 
including physical access control measures and personnel identification, within its 
leasehold areas. The air carrier, the airport operator, and the TSA must agree to the 
terms of the EAA, and the EAA must be included into the ASP. In no case may a 
tenant take over law enforcement responsibilities from an airport operator. EAAs 
are common for air carriers (including air cargo) that have large hubs or operations 
at particular airports. Although the EAA may specify that a regulated party will 
conduct certain security functions, the airport operator must ensure the regulated 
party is complying with the terms of the agreement. For this purpose, the airport 
operations and security personnel still have the ability to be in and around EAA- 
specified boundaries. 

ATSPs are similar to EAAs, but apply to nonregulated parties and require the air- 
port operator to take on certain TSA functions, such as developing a compliance 
audit and inspection program. GA operators of a commercial service airport, such as 
fixed-base operators (FBOs) and corporate flight operations, would be typical candi- 
dates for an ATSP, but they remain largely unpopular throughout airports in the 
United States due to the increased level of accountability and responsibility placed 
on the airport operator. The same requirements for EAAs apply to ATSPs, including 
the specification of certain security functions and the responsibility of the airport to 
monitor and ensure the tenant is complying with the terms of the agreement. 


ENFORCING THE ASP 


Title 49 CFR Part 1540 establishes TSA’s enforcement authority, but the airport 
operator is also required to enforce the airport’s security program. Title 49 CFR Part 


Airport Security Program 


1542.3(4) directs the ASC to “immediately initiate corrective action for any instance 
of noncompliance with this part, its security program, and applicable SDs.” The 
clause in Title 49 CFR Part 1542.3(4) defines the responsibility of the ASC to ensure 
the requirements of the ASP are met and, when not, to take corrective actions. When 
aviation personnel with security responsibilities violate the ASP, the ASC is respon- 
sible for ensuring that appropriate punitive action is taken. The ASP must outline the 
enforcement program and specify the penalties and the penalty procedures. 

Some airport operators have converted their airport’s rules and regulations 
into a local ordinance, making them enforceable under local laws—this enforce- 
ment extends to violations of the ASP. Other airports require user agreements 
with tenants or include an agreement within an access/ID badge application, 
which an individual signs when issued access media for a specific airport. The 
ASP must specify penalties for noncompliance. Normally these penalties include 
the confiscation of airport access media for a specified period or the issuance of 
an airport violation notice, going through the SIDA training program again, or 
have a hearing with the ASC to discuss the violation. Depending on the nature of 
the offense, criminal enforcement actions may be in addition to a TSA enforce- 
ment action or an airport enforcement action. 

Common violations of the ASP include leaving an SIDA access door open and 
unattended, allowing other authorized employees into the SIDA by “piggybacking” 
(ie, allowing a second employee with approved access to pass through an access 
control point without using his or her own access media to record the passage), fail- 
ing to wear an access/ID badge in the SIDA, and failing to challenge an unbadged 
individual in the SIDA. Some of these breaches in security are considered minor 
violations, particularly if the violation was unintentional; ASCs must use discretion 
in weighing penalties for such violations. Other violations are more serious and 
should result in the immediate revocation or suspension of the access/ID badge and 
the immediate removal of the access/ID badge holder from the airport property. 
These include such things as loaning one’s airport access media, intentionally 
breaching security by blocking a door open, jumping over the airport perimeter 
fence or allowing unauthorized individuals into the security areas, interfering with 
or assaulting security personnel, or falsifying or altering airport access media. 

The goal of any airport violation notice program is to force compliance with 
the ASP and regulations. Airport operators who do not strictly enforce their secu- 
rity programs undermine their own efforts and show other airport personnel that 
security procedures need not be taken seriously. Some analysts have suggested 
that careless attitudes by airport employees toward maintaining security proce- 
dures may have been the reason certain airports were selected as the launch points 
for the terrorists on 9/11 (Airline Security, 2002). 


OPERATIONS 


Title 49 CFR Part 1542 Subpart C comprises the essence of the airport security 
system. It includes the regulatory directives for segregating the airport into four 
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different levels of security and the necessary PACS to provide the minimum 
levels of security for each, the procedure for the criminal history records check 
(CHRC), the access/ID systems and processes, the SIDA training requirements, 
and law enforcement support and response requirements. Whereas Subparts A and 
B primarily address the administrative construct of the ASP, Subpart C addresses 
how the airport will meet its daily regulatory requirements. 

A commercial service airport has three areas: landside, terminal, and airside. 
The landside area has commercial and private vehicle areas; the terminal area has 
public, nonpublic, and sterile areas; and the airside area has secured areas, AOAs, 
and SIDAs. The sterile areas, secured areas, AOAs, and SIDAs are collectively 
known as the “security areas.” 

Landside operations include private and commercial passenger vehicle pickup 
and drop-off areas and, perhaps, rail or subway access. Landside operations do 
not have a specific security classification, but security practitioners must be aware 
that there are still highly important security considerations such as the threat to 
the airport of a vehicle-borne improvised explosive device, such as was used in 
Glasgow, Scotland, in 2008 when a car bomber attempted to drive into the termi- 
nal building. Landside ends at the curbside of the airport terminal building. The 
terminal begins at the airport curbside, which is at the airport’s intermodal (vehi- 
cle, light rail, subway) connections. The public area of the terminal begins at 
curbside and continues inward until the security screening checkpoint. Beyond 
the checkpoint, extending to the passenger boarding area (sometimes referred to 
as concourses or piers), is the Sterile Area, a defined Security Area requiring cer- 
tain access control measures. Also, throughout the public and Sterile Areas of the 
terminal are nonpublic areas, which are typically used for administrative office 
space, vendor storage areas, and utility rooms. 

The terminal area includes public areas such as ticket counters and nonpublic 
areas such as vendor storage areas and tenant administrative offices. The TSA or a 
domestic or foreign aircraft operator primarily controls access to the sterile area. 
Sterile areas extend beyond the screening checkpoints into the concourses or piers of 
the airport. The airside area is divided into the secured area, SIDA, and AOA. The 
secured area represents the highest level of security protection, and the AOA the 
lowest level. Normally, the traveling public is not allowed access to the airside near 
the commercial service aircraft except in instances where the traveling public walks 
outside to the aircraft. This is typical at small airports and in the commuter air carrier 
areas of large airports. The security areas can also include exclusive agreement areas 
and areas under an ATSP. Airside security areas are addressed later in this chapter. 


SECURING THE TERMINAL AREA 


The terminal area is normally associated with the building or group of buildings 
used by the public to park, check in at the ticket counter, and pass through 
passenger screening checkpoints to connect with scheduled air carriers. Terminal 


Securing the Terminal Area 


can sometimes refer to fixed-base, GA operators or private terminals for corporate 
flight or charter operations in the GA areas of a commercial service airport or at 
GA airports. For our purposes, terminal will be used in reference to scheduled air 
carrier service activities. 

The challenge of securing the public area is similar to that for securing any 
public venue, except the target (an airport) is typically a much higher value target 
because of the potential impact and disruption on the national aviation system. Of 
special concern is that, in the United States, there are no specific access require- 
ments to enter the public areas of an airport—anyone may enter without undergo- 
ing a screening process. 

The suicide bomber attack at the Brussels airport in 2016 is an example of the 
vulnerability of the public areas. While some suggest that passenger screening 
checkpoints should be pushed farther out into the public areas, this practice may 
only serve to relocate the crowd and thus, where the blasts occur. There is an 
additional hazard if the crowds that terrorist bombers seek are pushed all the way 
to curbside; then passengers waiting in security lines are at higher risk of attack 
by a more destructive, vehicle-borne, improvised explosive device. The devasta- 
tion caused by a vehicle bomb includes loss of life and human suffering (severe 
injuries, trauma experienced by victims, and pain and suffering of family and 
friends who have lost loved ones), economic loss, and possibly social and politi- 
cal destabilization as the public starts to seriously question whether the govern- 
ment can protect them (Richardson et al., 2007, pp. 104—106). 

Medical reports from past bombings and suicide blasts cite shock and organ 
trauma as the leading causes of death. Physical injuries from debris and blunt 
trauma from building components (structure, furniture, lighting fixtures, etc.) 
causes further injuries and death, in addition to the falling debris and building col- 
lapse. Among the most devastating effects of a large bomb is the intense heat 
(5000—7000°F), and blast pressures strong enough to damage major organs, such 
as blood vessels, eyes, and ears (Richardson et al., 2007, pp. 104—106). Methods 
to counter vehicle bomb attacks and suicide bomber attacks in public areas are 
addressed in Chapter 11, The Threat Matrix. 

Some airports have a central terminal connected by concourses or piers that 
extend outward into the airfield. This configuration is a centralized terminal and 
is an older airport design. Many newer large commercial service airports have 
adopted a decentralized terminal design, which features one or more publicly 
accessible terminal buildings and concourses detached from the terminal and 
accessible by a people-mover system. Denver International Airport and Orlando 
International Airport are good examples of a decentralized design. Other high- 
capacity airports use a unit-terminal design, which features several centralized 
terminal buildings, separated by landside access roads, and often connected on 
the airside by automated people-mover systems, such as trains, subways, or 
monorails. Los Angeles International Airport, Dallas/Ft Worth International 
Airport, and John F. Kennedy International Airport are examples of the unit- 
terminal design. 
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Some airports feature a centralized terminal and attached concourses and have 
additional concourses located on the airfield and accessible by a people-mover 
system (known as a hybrid terminal design—Seattle/Tacoma Airport is a good 
example). Each airport design has advantages and disadvantages in the imple- 
mentation of security measures. Centralized terminals can consolidate passenger 
screening checkpoints to a minimum number of locations, maximizing efficiency; 
however, a single screening breach in a centralized terminal can cause an entire 
airport to shut down. Plus, the massive consolidation of passengers into a single 
or minimal number of checkpoint areas increases the potentially destructive 
impacts of a suicide bomber or active shooter. 

Decentralized terminals may be able to isolate the impact of a screening 
breach, but require substantially higher levels of screening staff and equipment 
due to multiple screening checkpoints. Decentralized terminals also often have 
few checkpoints, meaning larger and more densely compacted security lines. Unit 
terminals appear to have some advantages from a security perspective, as the 
screening areas are spaced out over a larger amount of property. During the 2013 
active shooter incident at LAX, Terminal 3 was the point of attack, and 
Terminals 1 and 2 self-evacuated.* Terminals 4—9 (including the International 
terminal building) were the least affected. 

The nonpublic area of the terminal includes those areas where the general public 
is generally not permitted, such as vendor storage rooms, air carrier and airport 
administrative offices, employee child daycare, employee fitness facilities, and air- 
port loading docks. Although federal regulations do not restrict public access to these 
areas, the airport operator may want some level of access control just as a matter of 
loss prevention. ASCs often include the nonpublic areas in their ASPs and require 
personnel operating in those areas to wear airport-issued access media. Most nonpub- 
lic area access media do not allow access to security areas unless the individual also 
has an operational need to operate in the security areas. Access media helps distin- 
guish those with a legitimate need to be in the nonpublic areas and security areas. 


STERILE AREA 


TSR Part 1540.5 defines the Sterile Area as: a portion of an airport defined in the 
ASP that provides passengers access to boarding aircraft and to which the access 
generally is controlled by TSA, or by an aircraft operator under Part 1544 of this 
chapter or a foreign air carrier under Part 1546 of this chapter, through the screen- 
ing of persons and property. The sterile area borders the screening checkpoints, 
extends to the concourses or piers, and ends at the access points (doors) that lead 
outside, either to a public area (in the case of the exit lane) or the airfield. 





8Mostly due to TSA personnel in terminal 3 texting coworkers in other terminals telling them to 
evacuate. 


Airside Security Areas 


Passengers and many aviation employees who work in the sterile areas are nor- 
mally required to go through screening to access the sterile area, but certain 
approved aviation employees with access/ID badges can also access the sterile area 
through one of the other security areas without having to undergo public screening. 

Sterile Area access is limited to ticketed passengers, employees, or others hav- 
ing business or a specified need to be in the Sterile Area. Before 9/11, friends and 
family who were not traveling commonly passed through the screening check- 
points with departing passengers and were allowed to go with them to the gate. 
With the increase in screening times because of post-9/11 security procedures, 
access to the sterile area is now restricted to those with a boarding pass and avia- 
tion personnel working in the sterile area. For an ASC, the sterile area is a secu- 
rity challenge as various security policies and procedures used in those areas are 
formulated and issued by different authorities. ASCs can also seek ASP approval to 
grant access to the Sterile Area by visitors (in some cases, airport administrative 
areas are located in the Sterile Area), or air carriers through the Aircraft Operator 
Standard Security Program (AOSSP) can grant others requiring access, such as a 
parent or caregiver accompanying a minor or an individual needing additional 
assistance. For unescorted access to the Sterile Area, the visitor must undergo the 
passenger screening process and receive permission from the airport or aircraft 
operator. Some visitors are required to submit personal information, such as name, 
date of birth, and photo identification, so that a check of the Terrorist Screening 
Database can be conducted prior to the individual receiving authorization. 


AIRSIDE SECURITY AREAS 


The airside security areas help airport operators identify levels of security pro- 
cesses required throughout the airfield—such as physical access controls, person- 
nel identification, signage, law enforcement response, and so on. Assigning 
security areas versus one security standard throughout the entire airfield is predi- 
cated on the perceived level of risk being greater at some parts of the airfield, 
such as around scheduled passenger service flight operations, and the perceived 
level of risk being lower at other areas, such as around GA operations. Lower 
security standards in lower risk areas allow operators in those areas greater flexi- 
bility and potential cost savings by not having to meet the higher security require- 
ments found around the scheduled or commercial service (ie, higher risk) areas of 
the airfield. Ever since airport operators began treating commercial service areas 
with a different standard than GA and lesser risk areas,’ the goal has been to pre- 
vent individuals operating in the lower risk areas from accessing the higher risk 
areas, using the runways, taxiways, and vehicle service roads. 





Other lesser risk areas could include corporate flight hangars and flight operations, flight schools, 
aircraft maintenance operations, airport maintenance shops, caterers, and, up until 2006, air cargo. 
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The original airport security regulation FAR Part 107 called for the establish- 
ment of an AOA, whereupon certain security measures could be carried out. The 
AOA was (and still is) essentially all aircraft movement areas (runways and taxi- 
ways) and all nonmovement areas, which include taxi lanes, aprons, and parking 
areas—essentially, everything inside the airside boundaries of the airport. 

The FAA initially required that airport operators maintain the security of the 
AOA and not allow access to the AOA by unauthorized personnel. Over time, a new 
Security Area was added, the SIDA. Areas where scheduled passenger aircraft oper- 
ated were required to be designated as SIDAs, which meant individuals in the SIDA 
were required to receive an airport identification badge, and to wear the badge while 
in the SIDA. Access controls into the SIDA areas were generally higher than access 
controls that led into the AOA. Individuals operating in the AOA (which at this point 
included runways, taxiways, and GA and air cargo areas of the airfield) typically did 
not have to wear badges, but access to the areas was still monitored. 

By 9/11, the FAA had established another new Security Area, known as the 
Secured Area. The creation of the Secured Area allowed an airport operator to have 
various levels of access controls, depending on the threat level at particular locations 
throughout the airport. TSR Part 1542 now lists three airfield security areas: (1) the 
secured area, (2) the SIDA, and (3) the AOA. These definitions provide a great deal 
of flexibility if they are properly understood and applied, but can be confusing to 
new airport security practitioners. The TSA defines each Security Area as: 


AOA means a portion of an airport, specified in the ASP, in which security 
measures specified in this part are carried out. This area includes aircraft 
movement areas, aircraft parking areas, loading ramps, and safety areas, for 
use by aircraft regulated under 49 CFR Part 1544 or 1546, and any adjacent 
areas (such as GA areas) that are not separated by adequate security systems, 
measures, or procedures. This area does not include the secured area. 

SIDA means a portion of an airport, specified in the ASP, in which security 
measures specified in this part are carried out. This area includes the secured 
area and may include other areas of the airport. 

Secured area means a portion of an airport, specified in the ASP, in which 
certain security measures specified in Part 1542 of this chapter are carried out. 
This area is where aircraft operators and foreign air carriers that have a 
security program under Part 1544 or 1546 of this chapter enplane and deplane 
passengers and sort and load baggage and any adjacent areas that are not 
separated by adequate security measures. 


Unfortunately the above definitions provide little guidance about how to 
establish or carry out the measures required in any of the Security Areas. Plain 
language definitions are: 


AOA means the entire airfield, including runways, taxiways, ramp areas, 
aprons, and aircraft parking areas. Within the AOA, access must be controlled 
(at minimal levels), and signs must be posted to both define the boundaries of 
the AOA and warn unauthorized individuals from accessing the area. 
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SIDA, which includes the Secured Area, means individuals in the SIDA must be 
issued credentials (an ID badge), complete a CHRC and Security Threat 
Assessment (STA), complete an SIDA training program, and wear a badge at 
all times in the SIDA. An SIDA can stand alone, such as in air cargo buildings 
where a portion of the cargo delivery area is public, and a red (or other colored) 
line is painted across the floor designating the area where the SIDA begins. In 
this case, there are no access control requirements while still inside the 
building. An SIDA can be combined with the AOA, like it is on the airside 
portion of the air cargo building, and a Secured Area is also always an SIDA. 
Secured area is located around passenger air carrier operations where 
passengers enplane and deplane and extends until it hits a barrier, such as 

a fence, building, water, or the runway/taxiway system, as denoted by the 
boundary line of the nonmovement area, or other airfield marking. Secured 
Areas are always SIDAs, but must attain higher levels of access controls, 
such as a computerized physical access control system (PACS). The PACS 
must be able to verify the ID badge holder’s access, then either allow 
access, deny access (through an alarm and electronic door or gate lock), 
and distinguish between access (ie, the system has to know which doors and 
gates the individual has access to and which the individual does not). 
SIDAs must also be established in checked baggage sorting and loading 
areas, and any adjacent areas that are not separated by adequate security 
measures (ie, barriers). 


The key points to understand when discussing security areas and access 
control are the following: 


1. There are three types of security areas, each having its own security 
requirements (Fig. 5.2). 

2. There are different types of PACS approved for separating security areas from 
the public areas, and security areas from each other. One type of PACS is 
for the secured area only and meets the highest security standards; another 
is for the AOA and meets lower security standards (Fig. 5.3). 

3. Any security area can incorporate security measures inherent or required in 
another. For example, the airport operator can require individuals working 
within the AOA to wear personnel identification, by declaring the area an 
AOA/SIDA. 

4. Those within the AOA do not have to wear an access/ID badge. However, 
personnel who are based at the airport and operate in the AOA, but not in the 
SIDA, are required to apply for airport access media, undergo and pass an 
STA, and, under the strictest interpretation of the requirement, keep their 
access media on their person while operating in the AOA (but are not required 
to wear it). 

5. Pilots who are operating within an AOA on an airport they are not based at 
(considered transient pilots) are not required to have an airport-issued access 
media, but should carry some form of photo identification and must carry 
their pilot certificate and medical certificate. 
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FIGURE 5.2 


Example of various security area locations within the airport environment. 
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Fence types and fabric (TSA Security Design Guidance). 


Practical Application of Security Areas 


PRACTICAL APPLICATION OF SECURITY AREAS 


Access to the secured area must be controlled with an approved PACS meeting 
Title 49 CFR Part 1542.207 requirements (Table 5.2). These include the ability of 
the system to authorize entry to those with authorized access, deny entry immedi- 
ately if authorization is changed or withdrawn, and differentiate access between 
particular portions of the secured area. 

Personnel within the secured area must challenge anyone they see not wearing 
access media; signage must also be posted warning of imminent entry into a 
secured area. The secured area extends to adjacent areas not separated by ade- 
quate access controls or barriers (eg, the runway, airport fencing, a building, an 
electronic barrier, or natural barriers). The definition of adequate access controls 
depends on the ability of a PACS, measure, or procedure to detect, delay, or 
respond to an unauthorized individual attempting to gain access and is largely 
determined by an evaluation by the TSA. 

The SIDA may also include air carrier administrative offices, airport fuel farms, 
and any other area in which the airport operator or federal regulator feels that 
identification should be worn. The SIDA requires a higher level of security than 
the security requirements of the AOA in terms of identification. The SIDA does 
not specify physical access control requirements, but a SIDA could have access 
control requirements when combined with an AOA or a secured area (see Fig. 5.2). 

The AOA includes runways, taxiways, and aircraft movement and nonmove- 
ment area, parking areas, usually GA areas, and, until recently, air cargo 


Table 5.2 Airside Security Areas 


Security 
Security Identification Display 
Areas Secured Area Area Air Operations Area 
What The highest level of This could include Aircraft movement and 
areas are security. Passenger areas where parking areas, loading 
covered enplane and deplane identification is ramps, and safety 
areas, and baggage necessary but access areas, which may also 
load and sort areas. control may not be include GA areas and 
such as air carrier those areas near 
administrative areas, runways and taxiways. 
fuel farms, and cargo 
areas. 
What Access CHRC ID. Access CHRC ID. Access control but 
security Display/challenge Display/challenge does not have to meet 
measures | training post signs. training post signs. secured area access 
are control standards. 
required Orientation (provide 





security information 
but not necessarily 
training). Post signs. 
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facilities.” The AOA represents the lowest level of security required at any com- 
mercial service airport with a complete security program. AOAs are usually phys- 
ically separated from the areas where commercial aircraft are handled (passenger 
loading and unloading, baggage, and cargo) and require a lower level of security. 
The AOA must be protected by a PACS, but that system does not have to meet 
the standards of a secured area. Airport access media are not required to be worn, 
and anyone operating in the AOA only needs to be provided with security infor- 
mation, not SIDA training. 

Commercial service airports are required to designate an AOA, unless the area 
is designated as a secured area (in which case the AOA label is dropped and it’s 
just called the “secured area’). Some airport operators designate an entire airfield 
as a secured area and do not have lesser areas of security, such as AOAs or 
SIDAs; however, there is a high cost associated with this practice. AOAs are 
common in GA areas of an airport where issuing access media to all personnel 
operating airside is either too costly or logistically difficult. Before the air cargo 
regulatory update in 2006, many air cargo areas were also designated as AOAs. 

Regulations now require air cargo operations to be located within SIDAs. 
Some ASCs, or airport workers, have a difficult time distinguishing between the 
requirements of the secured area, the SIDA, and the AOA. Many ASCs label 
these areas with their own terminology and then work with their FSD to interpret 
the definitions to meet individual airport needs. It is not unusual to hear an area 
called “the SIDA,” but in the ASP, this area is defined as the Secured Area. 
Another example is that some airports may post signs on a perimeter fence or a 
door accessing the airfield saying “restricted area” when the area that is prohib- 
ited is actually the AOA or Secured Area. These common or pedestrian defini- 
tions are often allowed to be used so the public and airport workers have a better 
understanding of what they are supposed to do, thus increasing compliance and 
reducing inadvertent entry. 


AIRPORT PACS 


Once the security areas have been defined (see Table 5.2), the next requirement 
for the ASC is to determine the physical access controls that will be put into place 
to prevent access to the airfield by unauthorized personnel and to separate the 
security areas from each other (Table 5.3). The following section lists the regula- 
tory requirements for each of the security areas, the PACS requirements, and pro- 
vides an example of how to establish the security areas with appropriate access 
controls. 





10With the air cargo regulatory revision in 2006, air cargo areas must now be designated AOA/ 
SIDA, at a minimum. 


Airport PACS 


Table 5.3 Airport Personnel Identification Matrix 


Public Nonpublic | Sterile Security Areas 
Person Areas Areas Area (SIDA, AOA, etc.) 
Visitors Yes No No° No 
Passengers Yes No Yes No 
Vendors, contractors, Yes May be May be May be 
and tenants 
Airport or airline Yes May be May be Yes 
employees 





Note: The level of required access for aviation employees depends on their job duties. 
“Unless required as part of escorting a minor, assisting an elderly or a disabled passenger, or 
authorized visitor. 


In 1973, the FAA divided the responsibilities for aviation security between the 
air carriers and the airport operators. The air carriers were required to screen pas- 
sengers, while airports were required to have an FAA-approved ASP, which 
described how the airport would protect access to the AOA. In 1989, the FAA 
issued FAR Part 107.14, which required the installation and use of systems, mea- 
sures, and equipment that met certain performance standards to prevent unautho- 
rized access to Secured Areas of the airport (SC-224, December 15, 2015, p. 1). 
As previously discussed, airports were also required to separate the secured area 
from other areas of the airfield, such as the AOA. 

The underpinning of controlling access is to permit authorized personnel into 
only those areas they are authorized to enter and to prevent all other forms of 
unauthorized access. A PACS is more than just a system of computerized card 
readers or other measures to prevent unauthorized access. An airport PACS 
includes signage, personnel identification systems, law enforcement response, air- 
field security patrols, security training, and other measures designed to prevent 
unauthorized access to the airfield. Access points include gates, doors, guard sta- 
tions, electronic access points (eg, doors with access controls, biometrics, sensor 
line gates, automated portals), and vehicle inspection stations, which may incor- 
porate crash barriers and blast protection. 

The standards for an airport PACS are contained in the RTCA DO-230F. 
The Standards are not SSI, but access is controlled, and the Standards are 
generally only available to airport and system operators, designers, integrators, 
and engineers of an airport PACS. ACS is also known as the Integrated 
Security Systems for Airports (ISSA), or previously, the Access Control and 
Alarm Monitoring System.'! In more recent references, the ACS has also 





"Used in the TSA’s Recommended Security Guidelines for Airport Planning, Design and 
Construction, 2011 version, but the document was undergoing an update in 2016, so check the TSA 
web site for the current version. 
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been called the PACS. However, strictly speaking, the PACS is a component 
of the ISSA. This text uses ACS or ISSA interchangeably when referencing 
the ACS. 


ACCESS CONTROL: GENERAL DESCRIPTION 
An ISSA generally includes: 


1. A PACS which includes the physical assets of the system, such as 
identification credentials (ie, badge), readers, locks, databases, and 
associated hardware platforms, software scanner, and network infrastructure 
to ensure all systems are connected and integrated (SC-224, December 15, 
2015, p. 1). 

2. A Perimeter Intrusion Detection System (PIDS) which may be used to detect 
unauthorized access through alarmed access doors and gates or can also 
describe technologies used along airport perimeter fences and boundaries that 
detect unauthorized entries. 

3. A CCTV to monitor activities and alarms throughout security areas. Some 
cameras are connected to the PACS system and activate when there is an 
intrusion, while others are pan-tilt-zoom (PTZ) and are used for general 
surveillance or to review a recorded event, such as a security breach or 
incident. 

4. A Security Operations Center (SOC) (Fig. 5.4) which RTCA describes as the 
“functional heart” of the airport’s security ISSA (SC-224, December 15, 2015, 
p. 9). The SOC is frequently located within the Airport Operations Center and 
near the Emergency Operations Center. 

5. An Identity Management and Credentialing System which manages airport 
worker identities for those individuals properly authorized to obtain an airport 
identification (ie, badge). 


The overall organizational concept on the approach an airport takes to achieve 
safety and security objectives is often referred to as a Concept of Operations 
(ConOps) (SC-224, December 15, 2015, p. 3), which generally explains how 
everything works and works together. The ConOps usually integrates communica- 
tions operations and architecture, the PACS, PIDS, credentialing operations, the 
role of the SOC and CCTV, and in some cases, where used, biometric operations 
(SC-224, December 15, 2015, p. 3—9). RTCA DO 230F describes the ISSA as a 
holistic concept which: 


.. enables protection of personnel, buildings, vehicles and resources that are 
sensitive within an airport environment. Thus, an ISSA provides communica- 
tions and services capabilities enabling positive access decisions, detection of 
events, and response to anomalies and security events by appropriate respon- 
ders. An ISSA has two main components that specifically address access con- 
trol, namely an Identity Management and Credential System (IdM-CIS) to 
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FIGURE 5.4 


The SOC portion of Denver International Airport’s communications center (left). The center 
consoles include airport operations communications, and weather and airfield condition 
monitoring stations with police, fire, and EMS dispatch stations are shown on the right. 





control and manage the issuance and maintenance of access credentials to 
individuals, and a Physical Access Control System (PACS). An ISSA provides 
an immediate, automated verification of identity to ensure that access is per- 
mitted or denied in keeping with established privilege rights. The elements of 
access control implemented with a PACS include portals, barriers, card read- 
ers, field controllers and servers that control the entry of persons and identi- 
fied vehicles and equipment into secured areas. The operation of these 
components can be under manual and/or automated control(s). Typical bar- 
riers to a secured area, for instance, are doors secured by locking mechanisms 
(such as key locks or electromechanical or electromagnetic locks) as may 
require a key, access media, cipher, electronic or electromagnetic media, a 
password or other means to open. The requirement that the authorized individ- 
ual possess media or knowledge in order to gain access is, thus, a valid ele- 
ment of access control. Automated ISSA systems generally incorporate 
safeguards to detect unauthorized access attempts. These may include, but 
are not limited to: tamper detection sensors, line security supervision, door 
monitor switches, intercoms, authorization verification checking, personal 
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identification number checking, personal identity verification, historical 
personnel access attempts, two-door portals and closed circuit television 
(CCTV)Aideo monitoring, recording and intrusion detection. 

Since 2001, identity verifications and criminal history record checks 
together with employment background checks are now required by federal reg- 
ulations to improve the security to airports and the aviation system as a whole. 

SC-224, December 15, 2015, p. 11 


At a commercial service airport, there is typically a centralized access control 
computer and a series of access control readers (card, proximity, PIN, or 
biometric)'* located at airside access doors and gates; CCTV cameras watch over 
these locations in some cases. If the door accesses a Secured Area, the door must 
be alarmed so that a breach can be detected. Doors accessing Secured Areas have 
been called Point of Denial or Direct Access Point doors (or other names) in 
order to differentiate them from doors that are connected to the PACS, but that 
access administrative areas. Door alarms are usually for one of the following 
reasons: 


1. An individual attempted entry using their badge, but they do not have access 
at that access point. 

2. An individual allowed someone to “piggyback” behind them as they went 

through an access point. 

An individual is using an expired badge. 

A passenger pushed through a fire access door triggering the alarm. 

An individual left a door open for too long. 


ap w 


The most serious of breaches are Door Forced Open, which is when an 
adversary has defeated the locking mechanism of a security door and most likely, 
now has access to the airfield. The access control computer system contains a 
database of aviation employees with approved access to various parts of the air- 
field. When an aviation employee uses an access/ID badge to access a door or 
gate, a microchip within the access reader is queried to determine if the individual 
has approved access at that location. If access is approved, the reader triggers the 
door or gate to open. If the individual does not have access, the system temporar- 
ily issues an audible alarm to let the individual know he or she does not have 
access. The access control reader will send an alarm message to the central com- 
puter where an operator may elect to take additional action, such as dispatch a 
security guard or police officer to investigate the situation. Depending on the 





12 Access media control devices include (1) card readers that detect a magnetized strip on an airport 
identification badge (similar to a credit card), (2) proximity readers that read a holographic image 
off of the airport identification badge, (3) 10-key PIN code device where individuals must enter the 
approved code to gain access, and (4) biometric readers used to scan and identify fingerprints, 
hands, facial features, voiceprints, or irises. There are also keys implanted with a computer chip 
that meet the access control requirements. These keys only work in special locks, but they can be 
useful in areas such as bag belt maintenance hatches and rarely used airfield perimeter gates. 
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complexity of the system, many access control readers have an associated CCTV 
camera watching the access point, and the camera has intercom ability for the 
operator at the security control center to be able to converse with the person 
attempting access. The PACS at a minimum is required to do the following: 


1. Monitor access to the secure and sterile areas, to annunciate any security 
violations, and to record and log events. "°? 

2. Verify that the holder of the access/ID badge is entitled to pass through the 
portal and either unlocks it to allow passage or denies passage and provides a 
local indication of this denial. It is not a requirement that the PACS monitor 
all access control points. Rarely used access points can be controlled with a 
padlock, with keys provided only to airport maintenance, emergency services, 
or airport operations and security personnel. Many airports use their PACS to 
control access to their AOAs, but this is not required. 

3. Automatically log all attempts to enter secure and sterile areas as appropriate, 
whenever successful or unsuccessful. 

4. Be reliable, as defined by TSA: “Airport security systems should be high 
availability systems operating 24/7/365. System availability should meet or 
exceed 99.99%: higher performance requirements should be considered 
for higher risk airports” (TSA, 2006, p. 153). 


There are numerous other methods of access control that must be implemented 
where a computerized PACS cannot be used. Examples of such a location are the 
runways and taxiways of an airport or where it is impractical to install an access 
control reader, such as roads used to service the AOA. Another example in use at 
many GA FBO at commercial service airports is to have a customer service 
representative log in and out individuals who access the AOA, which is typical 
for corporate and private flight operations departing out of an FBO. 

At many airports the GA ramp is located on the opposite side of the airport 
from the air carrier terminals, with the runways separating the two entities. 
Vehicle service roads wind around the approach end of runways and connect the 
two areas. In this situation, a checkpoint can be put on the vehicle service road 
with a security guard and an access control reader. This prevents unauthorized 
individuals from transiting from the GA area to the commercial service area. It 
does not prevent an unauthorized person from walking or driving across runways 
and taxiways from the GA area to the commercial service area, but the concept of 
time and distance can be used—the distance between the lesser and greater secu- 
rity areas is far enough that an intruder will be spotted by an individual (eg, an 
air traffic controller, security or ops officer, or police officer) and prevented from 
reaching the area of higher security. Putting an access control reader or security 





'3This annunciation can be accomplished locally by means of a local alarm and remotely at a 
dispatch or control center monitoring the alarms and capable of dispatching appropriate personnel 
to the scene of the breach or attempted breach. 
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guard gate is not feasible on runways and taxiways, so an alternative form of 
access control must be implemented. 

Alternate forms of access control covered under Title 49 CFR Part 1542.207(b) 
include any other system, measure, or procedure that meets or exceeds the 
Part 1542.207(a) standard. To get an alternate program approved, the airport 
operator must demonstrate that there is a need for the access point or that 
one naturally exists through the design of the airport, such as a runway separat- 
ing the GA side of the airport from the commercial service side. The airport 
operator must also explain why a computerized system cannot be used and 
justify how the alternative system meets or exceeds the computerized standard 
and can accommodate current and projected throughput of the access point. 
Alternate systems must still be able to detect, delay, and provide notification 
for response to the presence of unauthorized personnel. Some examples of 
alternate systems include: 


1. Security guard continuously (or frequently in some cases) watching a 
particular area. CCTV coverage with continuous human monitoring or smart 
CCTV software, motion detectors, or other technology that sends an alarm 
when an intruder enters the area. 

2. Runways and taxiways that are watched by FAA air traffic control personnel 
during flight operations. 

3. SIDA training for personnel in the SIDAs who are required to report 
unauthorized personnel in the SIDAs. 


For an alternative form of access control to be approved, the ASC must 
often implement a combination of procedures. For example, to separate an 
AOA from a secured area or SIDA, an airport operator may elect to paint a 
visible indicator, such as a red line, on the airfield delineating the border 
between the two areas. This, by itself, is normally not enough to satisfy the 
requirement to “detect and respond” to an unauthorized entry. Therefore, the 
ASC will incorporate the identification of the line and its meaning within 
the SIDA training program and combine that training with the requirement that 
all individuals who have been issued an access/ID badge challenge anyone they 
see who is not in possession of and displaying an approved access/ID badge. 
Airfield patrols by airport operations, security, and police personnel, along with 
CCTV monitoring by SOC personnel, may be required for the TSA to approve 
this alternative form of access control. 


AIRFIELD PERIMETER SECURITY 


Threat scenarios pertaining to the airport perimeter include: An outsider with intent 
to enter the airport secure area with a criminal or terrorist intent, possibly to: 


1. use a stand-off weapon such as a rocket-propelled grenade launcher to target 
an aircraft; 
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2. cross the airfield with a bomb or other weapons to attack an aircraft on the 
ramp, or during takeoff or landing; 

3. cross the airfield to access screened checked baggage or the aircraft itself in 
order to place an improvised explosive device on board; 

4. cross the airfield with a vehicle-borne improvised explosive device to directly 
attack an aircraft or the airport infrastructure; 

5. breach the airfield to bring weapons or explosives to an airport insider or an 
individual who has already passed the screening process, in order to commit 
an act of terror (SC-224, December 15, 2015, p. 121). 


From 2010 to 2015, a high number of breaches into the security area by vehi- 
cles driving through airfield access gates and onto the aircraft areas occurred, and 
in July 2012 an air carrier pilot who had been placed on administrative leave and 
was under investigation for murder, jumped the fence at the St. George Airport in 
Utah and accessed an unattended regional jet. He drove the aircraft through the 
fence and into the parking lot, where he committed suicide. These incidents have 
called into question whether the airport perimeter security requirements are ade- 
quate. Most perimeter breaches at airports are either accidental, such as an 
employee driving through a perimeter fence, or an individual under the influence 
of alcohol or drugs. In one case, an individual stowed away on a flight to Hawaii 
and miraculously survived the journey. While none of the breaches were terrorist 
acts, these acts call attention to potential vulnerabilities in airport perimeter secu- 
rity, along with the need to take appropriate action to secure the airfield. 

FAA Regulation Title 14 CFR Part 139.335 Public Protection requires 
commercial service airports to take measures to “prevent inadvertent entry to the 
movement area by unauthorized persons or vehicles ... and [install] fencing 
meeting the requirements of 49 CFR Part 1542.” Interestingly, there is not a spe- 
cific regulation that requires airport fencing to be of a certain height or material. 
The standard “7 ft of fencing with 3 strands of barbed wire” which most in the 
industry are familiar with, is taken from an older airport terminal design FAA 
Advisory Circular, so most airport fencing is typically designed to meet previous 
FAA and current FAA Advisory Circular guidance. Many airport fences serve as 
a rudimentary level of protection and have deterrent value, but do not have the 
capability to detect, delay, or report an intrusion or breach. A few airports, how- 
ever, currently employ detection sensor systems and other forms of perimeter pro- 
tection, but these systems are not currently required (SC-224, December 15, 2015, 
p. 122). The TSA offers the following description of airfield perimeter fencing or 
barriers: 


To delineate and adequately protect the AOA, SIDA, and other Security Areas 
from unauthorized access, it is important to consider boundary measures such 
as fencing, walls, or other physical barriers, electronic boundaries (e.g., sensor 
lines, alarms), and natural barriers in the planning and design process of an 
airport. Access points for personnel and vehicles through the boundary lines, 
such as gates, doors, guard stations, and electronically controlled or monitored 
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portals, must also be considered. In addition, there are other security measures 
which should be part of the design that enhance these boundaries and access 
points such as clear zones on both sides of fences, security lighting, locks, 
monitoring systems such as CCTV, and signage. 


TSA, 2006, p. 22 


Basic fencing, or in the case of natural barriers such as bodies of water, essen- 
tially keep the “honest people honest” and will not stop a determined individual 
with the means and motive to overcome the barriers. A consideration must be 
made, however, whether the threat of individuals attacking the airport or acces- 
sing or attacking aircraft on an airport is significant enough to change the 
requirements. 

Barriers should prevent unauthorized access and ideally differentiate between 
an authorized and unauthorized user. There are four types of barriers: physical 
barriers, electronic boundaries, natural barriers, and access points. Physical bar- 
riers, such as fencing, should be selected by conducting a vulnerability assess- 
ment. Some airports may be at higher risk of perimeter intrusion and therefore 
should install fencing that exceeds the standard 7 ft of chain-link fabric plus 
1—3 ft of barbed or razor wire (Figs. 5.3 and 5.5—5.7). 





FIGURE 5.5 


Chain-link fence barbed-wire configurations (TSA Security Design Guidance). 
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FIGURE 5.6 
Vertical bar fence (TSA Security Design Guidance). 





FIGURE 5.7 

This type of reinforced fencing has been has successfully tested to the US Department of 
State’s K8 Anti-Ram rating, stopping a 15,000-Ib truck traveling at 40 miles per hour 
within 3 ft of the fence line (TSA Security Design Guidance). 
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Depending on the threat level at a location, fencing can include motion, ten- 
sion, or other electronic sensing means. These features are tied into an intrusion 
detection system and monitored in the airport’s security operations control center. 
Buildings may be incorporated into the physical barrier of the airport perimeter, 
abutting the airfield perimeter fence or security gates. Interior walls of a building 
and interior doors are often tied into the airport’s ACS, regulating airside access 
for authorized personnel. Interior walls used in such fashion should reach to the 
ceiling, not just the suspended ceiling. Exterior walls on an airport perimeter (vs 
fencing) are less common in the United States because of their cost, but they can 
provide the advantage of reducing the visibility of storage or security areas and 
be less scalable because of the lack of handholds. They are also in use at some 
airports as jet blast deflectors and serve the dual purpose of being a physical bar- 
rier and a safety barrier. 

US airports are in the early stages of evaluating electronic boundaries. One 
concept incorporates airport surface detection equipment (ASDE), which is 
ground radar used to track the movement of vehicles and aircraft on the airfield 
in low visibility. The TSA offers the following description of ASDE systems: 
Tests by TSA’s Transportation Security Laboratory are designed to demonstrate 
that modified ASDE radar could differentiate between “approved” and “unau- 
thorized” targets, including persons and ground vehicles as well as marine craft 
approaching a waterside perimeter. The radar is intended to determine the 
origin and track the paths of movement of these targets. With further develop- 
ment, the system is expected to classify an object, to predict its likely next 
movements or directions, and to assist the operator in providing an appropriate 
level of response. Some of these functions can also be automated and applied 
to preprogrammed zones of priority to enhance security decision making (TSA, 
2006, p. 28). 

A second electronic boundary uses radio frequency identification (RFID) tech- 
nology. The implementation of RFID technology includes active RFID tags, sta- 
tionary RFID readers, and mobile RFID readers. All authorized airport personnel 
and vehicles have RFID tags in the access/ID badges to facilitate real-time track- 
ing of vehicles and personnel. Stationary RFID readers are located around airport 
perimeters or within security areas and work on the basis of signal triangulation 
to observe the real-time motion of a tagged object or person. If an unauthorized 
signal is detected, then the system sends a notification to the SOC for law 
enforcement or security response. 

The third type of airport perimeter barrier is a natural barrier (eg, bodies of 
water, expanses of trees, swampland, or cliffs). Some natural barriers may border 
an airport in such a way as to make physical barriers or fencing impractical. In 
other instances, fencing or physical barriers would conflict with aircraft naviga- 
tion, communications, or runway clear areas beneath approach paths. Another 
form of barrier is known as time and distance. 

The time and distance concept depends on the idea that the extensive time it 
would take an intruder to reach a critical facility, such as a concourse or the 
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secured area, combined with the high visibility from a variety of employees in 
and around the airplanes, effectively reduces the likelihood of the intruder suc- 
cessfully reaching the protected location. The concept of detect, delay, and 
respond is that remote areas are “sufficiently removed from the primary security- 
related areas to allow the airport to detect an intrusion, and delay its progress until 
an appropriate security response can be implemented” (TSA, 2006, p. 29). While 
not considered a “barrier” SIDA training and challenge programs may enhance 
access control measures within a security area, along with law enforcement 
patrols and patrols by unarmed security personnel. 

Access points are protected by three types of gates that allow vehicular 
access to the airfield for routine maintenance and emergency operations. 
Vendors, contractors, airport operations and maintenance personnel, aircraft 
operator personnel, cargo delivery vehicles, and just about any vehicle that 
needs authorized access to the airfield to conduct business all use routine oper- 
ation gates. These high-throughput gates should be designed for long life and 
to minimize delays to users. Because of their high throughput, routine operation 
gates also represent a higher risk of allowing unauthorized individuals or 
vehicles access to the airfield. These gates are typically electrically operated, 
connected to ACS, staffed with security personnel, and may include secondary 
barriers (in addition to the primary sliding or swing-style security gate), such as 
retractable bollards, drum barriers, or cable barriers. 

Maintenance gates are typically seldom used, often padlocked, and used by 
airport and FAA personnel to conduct maintenance activities on airfield equip- 
ment, utilities, or grounds maintenance. Emergency gates are for use by on- and 
off-airport emergency response personnel. Remote control units within aircraft 
rescue and firefighting trucks enable some gates to be operated electrically. These 
gates should be on frangible mounts to allow emergency vehicles to crash through 
in the event of rapid response to an aircraft accident or incident. Emergency gates 
are sometimes padlocked or equipped with a Knox-Box®, which provides emer- 
gency rapid nondestructive entry for emergency personnel. 

Security fence should have a 10-ft clearway at the surface and ideally be 
recessed 3 ft into the ground to prevent tunneling by both humans and animals 
(there must still be 7 ft of visible fencing above ground). Some airport operators 
elect to cement the entire fence line at the surface to prevent tunneling and dig- 
ging. Security fencing must have no more than a 4-inch clearance between the 
ground and the bottom of the fence. 

Within buildings also serving as a physical barrier between the landside or 
sterile areas and airside, the number of doors must be kept to an operational 
minimum and, ideally, equipped with an alarm and CCTV in the case of emer- 
gency ingress. Many doors within an airport also allow emergency ingress in 
case of a fire or other emergency, which presents a challenge to airport secu- 
rity. Usually, these doors will open after the activation of a crash bar on the 
door or after the alarm system is activated. If the system is so equipped, an 
alarm will sound in the SOC and a CCTV camera will trigger at the door and 
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begin recording the activities around that door, enabling security operations 
personnel to make the appropriate response. 

At large airports, CCTV monitors are used to view access doors and are 
tied electronically into the PACS. Unfortunately, because of costs, the CCTV is 
usually located on the interior side of a door. This is for a practical purpose; 
most door alarms are not the result of intentional unauthorized access but of an 
aviation employee having functional problems with the door. Either he or she 
does not have access at that particular access point and does not know it, 
requiring the security operations personnel to explain it, or he or she does have 
access but something else (eg, a hardware or software problem, weather, or 
power) is preventing authorized access. The CCTV system is therefore located 
on the inside so that security operations personnel can converse with the person 
at the door through the intercom. This system requires intervention by the SOC 
to assist with problems. Cameras on both sides of a PACS controlled door 
would provide security personnel a higher level of security and a frontal view 
of an offender, but this is still rare, although some airports are implementing 
this technology. 

Another security measure to prevent or deter unauthorized entry into security 
areas is the integration of a door opening delay. Because the majority of access 
control doors double as fire exits, a conflict exists between security and public 
safety. The ICAO recommends a 15-second delay before a fire door will open for 
anyone who activates its crash bar. Some local fire codes and the approval author- 
ity (the fire marshal) have different perspectives, so in some cases there is only a 
5-second delay and at some airports there is no delay. Another important consid- 
eration is a power failure or fire that triggers the fire doors to automatically open. 
When this occurs, airport security personnel closely monitor the situation and 
likely will dispatch personnel to help contain people entering security areas. A 
security guard, a law enforcement officer, or an airport operations employee most 
often initiates intruder response. In some cases, such as passenger boarding gates, 
there is a mantrap door, with the secondary door serving as an adequate intruder 
response (Fig. 5.8). Subsequent to an intruder alert, security personnel will follow 
up to determine the identity and intent of the intruder. 

Staffed guard stations are used in some locations where higher levels of 
security are required or desired. These are usually at vehicle entry points, but 
they can also be used at employee turnstiles to reduce or prevent piggybacking 
or tailgating. Guard stations should be sheltered and guards should be able to 
communicate with the SOC. Guards should be trained in how to search a vehi- 
cle for prohibited items, suspicious awareness, and actions to take should an 
unauthorized entry occur. Guards should receive the latest intelligence informa- 
tion relevant to their responsibilities and briefings of any special occurrences on 
the airfield, such as a VIP or prisoner escorts that would cause additional or 
unusual traffic through the checkpoint. Guards should receive a “stop list,” 
which contains the names of people who no longer have access authority but 
may still be in possession of a valid access/ID badge. Some guard stations 
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FIGURE 5.8 


A mantrap door in place at Ben Gurion International Airport in Israel. 





include a law enforcement officer with access to a vehicle to provide an armed 
response or pursuit to an intrusion. 

Some gates include a vehicle inspection station, which provides an area 
outside the blast envelope (Figs. 5.9 and 5.10) to inspect suspicious vehicles 
or conduct inspections of all vehicles during high threat levels. The station 
should be far enough away from the entry gate so as not to impede the 
movement of other vehicles not subject to search. Other security measures 
can include fence clear zones,'* security lighting, locks, CCTV coverage, and 
signage. Higher tech sensor line gates are being tested. A sensor line uses micro- 
waves, infrared, or other electronic sensor technology other than a hard physical 
barrier (Fig. 5.11). 


VEHICLE ACCESS CONTROL PROGRAMS 


Airports are required to have vehicle access control programs in addition to 
personnel ACS. These programs often serve dual roles by allowing the airport to 





'4Tn these zones there are no climbable objects such as trees or adjacent buildings abutting the fence. 
































i Explosive Capacity Lethal Air 
Type of Explosive in TNT Equivalents | Blast Range 
: 5 Ibs 
Pipe Bomb (2.3 kg) 
Briefcase, Backpack, 50 Ibs 
or Suitcase Bomb (23 kg) 
Compact Sedan 500 Ibs 100 ft 
(in trunk) (227 kg) (30 m) 
Full Size Sedan 1000 Ibs 125 ft 
(in trunk) (454 kg) (38 m) 
Passenger or 4000 Ibs 200 ft 
Cargo Van (1814 kg) (61 m) 
Small Box Van 10,000 Ibs 300 ft 
(14th ft box) (4536 kg) (91 m) 
Box Van or 30,000 Ibs 450 ft 
Water/Fuel Truck (13,608 kg) (137 m) 
Semi-trail 60,000 Ibs 600 ft 
emprarer (27,216 kg) (183 m) 
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Tested: Stopped a 15,000 Ibs 
vehicle traveling at 50 mph 


Sliding gate 


Tested: Stopped a 15,000 Ibs 
vehicle traveling at 30 mph 


Retractable bollards 


Tested: Stopped a 15,000 Ibs 
vehicle traveling at 50 mph 
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Road barricades in use at vehicle checkpoints (TSA Security Design Guidance). 
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FIGURE 5.11 


Comparative effectiveness of barrier types. 





comply with the security requirement to have fencing and certain sections of 
Federal Aviation Regulation Part 139, which requires fencing to protect the public 
and to prevent wildlife from entering the airfield. In some cases, the airfield 
driver training offices are colocated with the security offices to maximize airport 
resources and reduce the processing time for new airport workers to get security 
and the airfield driver training required before an individual is allowed to drive 
on the airfield. 

Vehicles on the airfield must be clearly marked by their business affiliation. 
All vehicles should have consecutively numbered permits, issued and reissued 
annually. Permits are color coded to indicate access and restrictions and 
have expiration dates that are easy to see from other vehicles. Requiring all 
airfield vehicles to be registered with the airport ensures that airport access 
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control personnel can determine if the required insurance levels are met. 
Other issues that must be considered when constructing a vehicle access con- 
trol program are protocols for identifying and stopping a vehicle in the AOA. 
At some airports, security guards and airport operations personnel can stop 
vehicles in the AOA. However, there may be local ordinance or legal issues 
that restrict the right to stop vehicles to law enforcement only. All vehicle 
access control programs must be described in the ASP. The RTCA defines 
credentialing as: 


...the process by which an airport operator issues regulatory-compliant media 
known as ‘credentials’ to allow unescorted access to security-related areas of 
airports by airport staff, including tenants, concession staff and airlines, other 
airport-approved entities such as law enforcement, first responders, construc- 
tion personnel, and certain government employees. 

SC-224, December 15, 2015, p. 23 


Most commonly called the Airport Identification Badge, or “ID badge,” the 
credential usually includes a photo of the holder and contains embedded 
information that can be read by the PACS, to allow or deny access to a particular 
access point. Although the TSA retains civil aviation security oversight, airport 
operators maintain the responsibility—and the ultimate liability—for local access 
decisions (SC-224, December 15, 2015, p. 23). The industry is beginning the shift 
from badging to the concept of credentialing and identity management. An 
identity management system (IDMS) manages the credentialing process. It pro- 
vides remote and central access to its data and associated functions including 
remote access portals, administrative stations, badging stations with data 
collection peripheral devices, and in some cases mobile access to the IDMS data- 
base. The system relies on strong identity management practices combined with 
policies and procedures to lessen cybersecurity incidents, which may be improved 
by following the Federal Identity, Credential and Access Management initiative 
(SC-224, December 15, 2015, p. 32—33). 

Through the IDMS, the authorized signatory function goes from a pen and ink 
signature on a badge application to an online workflow with a secure login pro- 
cess. Hands-on paperwork is reduced for the Trusted Agents (TA), reducing data 
entry burdens for the airport credentialing office. Badging workstations may 
include the usual camera for capturing facial photos, but also biometric capture 
devices, document scanner (for ID verification), electronic signature capture 
devices, and badge printers (SC-224, December 15, 2015, p. 34). 

In accordance with Part 1542 and TSA SD 1542-04-08 I'° (OIG, 2011), appli- 
cants for an airport identification badge that requires access to the SIDA or Secured 
Area are required to undergo a CHRC and have an approved STA from TSA before 





'SWhile we are citing an SD, normally an SSI-protected document, unfortunately this SD was 
posted on the Internet. In this particular citation, this information was published in a publicly avail- 
able OIG report. 
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receiving a badge and obtaining unescorted access to those areas. Individuals who are 
based at a commercial service airport but only work in the AOA are only required to 
pass an STA, and be issued a badge, but whether they are required to display the 
badge, depends on whether the AOA is also designated an SIDA. 

TSA’s Technology Infrastructure Modernization (TIM) Program'® is responsible 
for vetting individuals with unescorted access to secure areas. This is accomplished 
by comparing the applicant’s information against data sets to discern whether the 
applicant is a threat to transportation or national security. Approximately a half a mil- 
lion individuals are vetted in this process. This is collectively known as the 
credentialing process.'’ While undergoing credentialing, individuals may be escorted 
by those having properly issued access media, if allowed by the ASP. 

The credential process involves, at a minimum, the following elements: the 
applicant, the sponsor, the Authorized Signatory, the TA, and the Designated 
Aviation Channeler (DAC). Also involved is the ASC, who has the final authority 
on whether to issue a badge, the TSA, and the FBI, who conduct the key elements 
of the credentialing check. 


1. The applicant is the individual applying for an airport credential. Each 
applicant is required to fill out a badge application that includes key 
identifying information and must attest that he or she has not been found 
guilty of a disqualifying offense. An Authorized Signatory must sign the 
applicant’s badge application form, which grants them the permission to 
undergo the badge application process. 

2. The Sponsor is the airport organization (tenant, air carrier, concessionaire, 
contractor, vendor, or other entity), who acts as a guarantor to the airport 
operator in validating the applicant’s need for the badge, via its own 
designated Authorized Signatory (SC-224, December 15, 2015, p. 28). 

3. The Authorized Signatory is an employee of the Sponsor and attests to the 
airport operator through their signature that an individual from their company 
requires a badge. The Authorized Signatory also can request access to certain 
doors and gates throughout the airport and generally acts as the point-of- 
contact for security issues for their company, between the Sponsor and the 
ASC. Smaller companies with few employees usually only have one or two 
authorized signatories, while air carriers and other tenants with large 
operations at the airport may have several individuals designated as authorized 
signatories. For tenants with hundreds of employees, badge access is often 
broken down by department or job title, or in some cases, both. For example, 





lOTSA’s Transportation Threat Assessment and Credentialing (TTAC) Office was established as 
the lead for conducting STAs and credentialing initiatives for domestic passengers on public and 
commercial modes of transportation, transportation industry workers, and individuals seeking 
access to critical infrastructure. 

'7Before 2008, this was commonly called the CHRC process. However, in 2007 and 2008, with the 
continuous addition of processes that must be completed before an individual can receive an airport 
access badge, the term credentialing process, or simply credentialing, is being used. 
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an air carrier gate agent has different access requirements to do his or her job 
than a ramp worker loading bags. Many ASCs divide up the businesses that 
operate at the airport into air carriers, tenants, contractors, vendors, and 
government employees (including the airport staff). Also, in many cases, 
contractors and vendors must be sponsored by an air carrier, tenant, or 
government agency to prevent companies from freelancing services or 
accessing the airport when they do not have a valid reason. The AS also 
provides a way for the ASC to hold the company and their employees 
accountable to the rules and regulations of the airport. Many times it is the AS 
who is required to respond to violation notices issued to their personnel, or be 
accountable for badge suspensions, the return of access/ID badges that are no 
longer required (employee termination, retirement, or resignations), and other 
issues that relate to the company’s compliance with the regulations and 

the ASP. Anyone designated an AS is required to be trained in their 
responsibilities by the airport security office. The training includes the proper 
method to complete applications so that employees can be issued access/ID 
badges and the method to request access changes (adding, subtracting, or 
changing access to doors and gates). 

4. Designated airport operator employees, known as TAs, perform the essential 
functions of the badging process, including collecting, verifying, and inputting 
applicant data used for the STA process, and fingerprinting applicants for the 
CHRC. Airport operator personnel ensure badge applications are complete 
with the required biographical and fingerprint data for the STA and CHRC. 
Critical data processed from the application includes full legal name, date and 
place of birth, passport number, and alien registration number. Social security 
numbers are not required, however the STA may be delayed without it. TAs 
must also verify the identity of the badge applicant through “breeder” 
documents, such as a birth certificate, Passport, or Social Security card. 

5. A TSA-approved third-party organization known as a DAC processes the 
biographic and biometric information and serves as an intermediary between 
the airport operator, the TSA and the FBI. 


Upon receipt of the badge application information and the fingerprints, the TSA 
then processes the information for the STA, while the FBI conducts the CHRC. 
The results of both are returned to the airport’s TA, who notifies the applicant 
of their status. If the STA and CHRC results are favorable, the airport operator 
employees issue the badge with access to secured airport areas, once the 
individual has completed training. Air carriers and flight schools use similar 
methods to vet their personnel. 


Criminal history records check/security threat assessment 

A CHRC is a listing of certain information taken from fingerprint submissions 
retained by the FBI in connection with arrests and, in some instances, federal 
employment, naturalization, or military service. An STA is a check conducted by 
the TSA of databases, including terrorist watch lists, to confirm that an individual 


Table 5.4 Disqualifying Offenses 
Criminal History Record Check 


Forgery of certificates, false marking of 
aircraft, and other aircraft registration 
violations 


Interference with air navigation 

Improper transportation of a hazardous 
material 

Aircraft piracy 

Interference with flight crew members or 
flight attendants 

Commission of certain crimes aboard 
aircraft in flight 


Carrying a weapon or an explosive aboard 
an aircraft 


Conveying false information and threats 
Aircraft piracy outside the special aircraft 
jurisdiction of the United States 

Lighting violations involving transporting 
controlled substances” 

Unlawful entry into an aircraft or airport 
area that serves air carriers or foreign air 
carriers contrary to established security 
requirements 

Destruction of an aircraft or aircraft facility 
Murder 


Assault with intent to murder 


Conspiracy or attempt to commit any of 
the aforementioned criminal acts 
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Disqualifying Offenses 
Assault with intent to murder 


Espionage 
Sedition? 


Kidnapping or hostage taking 
Treason 


Rape or aggravated sexual abuse 


Unlawful possession, use, sale, distribution, 
or manufacture of an explosive or a weapon 


Extortion 
Armed or felony unarmed robbery 


Distribution of, or intent to distribute, 
a controlled substance 


Felony arson 


Felony involving a threat 


Felony involving willful destruction of 
property, importation or manufacture of a 
controlled substance, burglary, theft, 
dishonesty, fraud or misrepresentation, 
possession or distribution of stolen property, 
aggravated assault, bribery, illegal 
possession of a controlled substance 
punishable by a maximum term of 
imprisonment of more than 1 year 


Violence at international airports 





*Conduct that is directed against a government and that tends toward insurrection but does not 
amount to treason. Treasonous conduct consists of levying war against the United States or of 
adhering to its enemies, giving them aid and comfort. See www.lectlaw.com/def2/s020.htm. 
’Knowingly and willfully operating an aircraft in violation of an FAA regulation related to the display of 
navigation or anticollision lights, or knowingly transporting a controlled substance by aircraft or aiding 
or facilitating a controlled substance offense. 


does not pose a security threat and possesses lawful status in the United States 
and to verify an individual’s identity. To pass the CHRC, a person must not have 
been found guilty, or not guilty due to insanity, within the past 10 years of a num- 


ber of disqualifying offenses (Table 5.4). 
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TIM adjudication service completes the STAs for applicants; the FBI conducts 
the CHRC while TSA inspector personnel provide oversight of the airport bad- 
ging process. The STA included checks of the no-fly and selectee list and a check 
through the Terrorist Screening Center, which is managed by the FBI. In some 
cases, local government agencies have added to the list of disqualifying offenses, 
which is acceptable provided they are included in the TSA-approved ASP. 

DACs also handle fingerprints submitted for the Alien Flight Training 
Program and the public and private charter programs, and it assists with inked- 
card submissions if a live-scan device is not available. The DAC will also assist 
in the reconciliation of fingerprints that are missing in the submission of difficult- 
to-classify fingerprints (construction workers, and others whose occupations/age 
have made their fingerprints difficult or impossible to classify) and in handling 
issues such as amputations, scars, and deformed fingers. The DAC does not see 
the actual results or the details of the criminal records.’ 

Every applicant for access media must produce two forms of ID: at least 
one must be a government-issued photo ID and one must be proof of citizen- 
ship. Enhanced background screening services can provide more in-depth iden- 
tity checks to help ensure the person presenting the identifying information is 
in fact that person and not using stolen ID information. In a 2011 investigation 
by the DHS Office of the Inspector General, they found that in many cases air- 
port operator employees were not using available tools to assist in the identifi- 
cation of fraudulent documents, such as scanners, ultraviolet lights, and loupes 
(magnifying lenses), even when the tools were available at their workstations 
(OIG, 2011), and only one airport had a formalized training program focused 
on airport operator employees’ duties and responsibilities. Part 1542 requires 
each airport operator to ensure that individuals performing security-related 
functions are briefed on specific requirements or guidance as they relate to the 
performance of their duties. Briefings must cover the provisions of Title 49 
CFR Part 1542: SDs, information circulars, and ASPs (OIG, 2011). US CBP 
personnel often offer their services to train airport TAs on a periodic basis in 
the identification of fraudulent documents and the detection of individuals 
using real documents that do not belong to them. 

It is a common misconception that the CHRC identifies an individual. It does 
not. The CHRC only compares the fingerprints it has been given to the finger- 
prints of convicted criminals or individuals that have been fingerprinted and are 





'8Before 1996, background checks were not specifically regulated. Responsibility for conducting 
the checks fell mainly on the employer. The employer decided who needed access media to the 
SIDA. In 1996, the Aviation Security and Anti-Terrorism Act required aviation employees to sub- 
mit 10 years of employment history. The authority issuing access media verified the most recent 
5 years of employment history. If there were significant gaps within the entire 10-year period, then 
the individual was subjected to a fingerprint-based CHRC. Individuals without employment gaps 
were eligible to be issued access media. This process was known as the access investigation and 
many airports and aircraft operators are still conducting the checks, even though it is no longer 
required. 
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in the FBI’s database. If an individual does not have a criminal record, it is possi- 
ble to use a fake ID to obtain an airport access media—a crime under Title 49 
CFR Part 1540.103 Fraud. Operation Ramp check, conducted by the Immigration 
and Customs Enforcement service, has arrested thousands of individuals who 
received airport access media using fake identification. Many illegal aliens were 
arrested after 9/11 at commercial service airports in the United States for obtain- 
ing airport access/ID badges using fake identification. 

STAs are perpetually run while the credential remains active. Airports were 
not allowed or required to conduct recurring CHRCs to ensure that badge 
holders maintain their reputable status (OIG, 2011). However, the credentialing 
process underwent a series of changes in 2015 and now badge holders must 
undergo the CHRC every two years. This change is in response to a growing 
concern about airport insider threats, which was identified by an Inspector 
General’s report noting that passing an initial CHRC does not preclude employ- 
ees from engaging in subsequent criminal activity and presenting an insider 
threat at airports (OIG, 2011). 

Individuals who have been issued access/ID badges are required to self-report 
if they are convicted of a disqualifying offense after they have been issued the 
ID. However, the OIG report states that the self-reporting policy is ineffective 
because most employees would not report themselves for fear of losing their 
job (OIG, 2011). The past actions of some employees reinforce this notion. For 
example, in 2007, a customer service agent with no prior record was found 
guilty of repeatedly accepting bribes totaling $21,500 from an undercover agent 
and agreed to smuggle $396,000 in cash, plus illegally export weapons, military 
night-vision goggles, and a cellular phone “jammer” to a foreign country. Also 
in 2007, two workers at another airport were arrested after bringing guns and 
drugs on a flight. One worker was able to stow the guns and drugs near the 
departure gate ramp after using his air carrier uniform and badge to bypass 
TSA security. 

Some airports have taken additional measures, such as having names run 
through local and state criminal databases, using data mining software to investi- 
gate connections and associations, requiring badges to be reissued annually, and 
in one case, hiring a private detective to check 100 names per month for new or 
outstanding warrants that have not been reported. In the OIG report, both the 
TSA and the airports agree that recurrent CHRCs are necessary. 

Another issue for security practitioners is the acceptance of a CHRC con- 
ducted by another regulated agency, such as another airport or an air carrier. 
Airports can decide whether to accept the CHRC conducted by an aircraft opera- 
tor. When an employee of one airport transfers to another airport, it is up to the 
ASC at the new airport to decide whether to accept the CHRC from the previous 
airport, many airports are no longer using this practice because of the complexi- 
ties with the requirement to re-fingerprint every two years. 

The ASC also accepts a US government employee’s CHRC, provided the 
CHRC was required by the government agency. This is a common occurrence for 
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TSA, FBI, FAA, CBP, and Department of Agriculture personnel needing SIDA 
access. ASCs should consult with the TSA regarding special circumstances such 
as furloughed employees and extended leaves of absence. 


PERSONNEL IDENTIFICATION SYSTEMS 


Personnel identification for unescorted access to an airport is required for access 
to the SIDA. The ID badge is known by a variety of names, including airport ID 
badge, access/ID, SIDA credentials, SIDA badge, and so on. Identification 
must be large enough to be seen easily on the ramp by others working nearby; 
2 3 inches is standard. Access/ID badges must include a full-face photograph, 
the employee’s name, the employee’s employer, a badge expiration date 
(annually), a unique sequenced number, and the scope of access privileges. The 
scope is usually shown by the color of the ID badge. Access/ID badges usually 
denote airfield access privileges using color or icons placed on the badge. 
Individuals cannot have their faces covered on their ID photo, but whether an 
individual is allowed to wear a hat for their photo is at the discretion of the ASC. 

The TSA periodically requires the reissuance of all airport access media and a 
change in the appearance of the badges. "° When this occurs, airport operators will 
often attempt to maintain some semblance of continuity from the old badges to 
the new, while still making them distinguishable from previous designs. For 
example, airports may use color coding to denote movement area access privi- 
leges and, upon reissue, the airport may switch to an icon on the badge. This 
reduces confusion on the part of airport workers, while still distinguishing the 
badge from previous patterns. 

In some cases, the airport operator may allow airport tenants and air carriers 
to use their own forms of identification, provided they meet the standards of Part 
1542.211 and receive TSA approval. Under Title 49 CFR Part 1542.5 Inspection 
Authority, all airports must allow TSA inspectors access to the airport. TSA- 
compliance inspectors carry their own TSA credentials, which must be accepted 
as valid access/ID at any commercial service airport. FAA aviation safety inspec- 
tors have similar privileges and their own FAA 110-A credentials. Other accepted 
forms of identification include flight crew access/ID badges issued by the 
employer (an air carrier regulated under Parts 1544, 1546, or 1548) that meet the 
requirements of this section. 

Other generally acceptable forms of access/ID media at airports include: for 
airports with military operations or facilities, US military—issued identification 
cards; for offsite emergency services personnel, photo identification and access/ 
ID proving employment as an emergency worker; and for airports with GA facili- 
ties, an FAA pilot certificate and a government-issued photo ID for pilots 





There is no set time schedule for conducting the reissuance process. It is a decision made by the 
TSA based on a particular set of circumstances, such as outside intelligence indicating a system has 
been compromised or the overall number of lost access/ID badges. 
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transiting directly to or from aircraft or conducting preflight inspections and pas- 
senger and baggage loading. Whether airport operators accept these alternate 
forms of identification depends on the individual ASP. 

Although TSA Regulation Part 1542 did not specifically require airport operators 
to provide access/ID badges to personnel working at the airport not requiring SIDA 
access, subsequent security directives require that everyone working at the airport in 
the SIDA or Sterile Area apply for and receive an access/ID badge. This does not 
generally include taxi and limo drivers, bus drivers, or delivery personnel but some 
airports have required that landside personnel undergo an STA and/or a CHRC and 
receive an identification badge that does not provide security area access. In fact, it 
was this process that helped identify the movement and activities of Najibullah Zazi, 
an airport shuttle bus driver at Denver International Airport who pled guilty to 
charges that included conspiracies to use weapons of mass destruction, commit 
murder in a foreign country, and for providing material support for a terrorist 
organization, for his role in plotting to bomb the NYC subway system. 

Access/ID badges must be worn on the outside of the outermost garment 
whenever the individual is in the SIDA. Airport operators can make exceptions 
to this requirement for activities where wearing the badge on the outside of a 
garment may endanger the badge wearer, such as during aircraft maintenance 
activities, but any such exception must be articulated in the ASP. 

Lost or stolen badges must be immediately rendered inactive from the security 
system and the badge placed on a stop list. Although a deactivated access/ID 
badge should alarm a computerized security system, there is the possibility that 
someone in possession of a deactivated access/ID badge may jump the perimeter 
fence or enter the airside through a fire alarm door and then place the illegal 
access/ID badge on himself or herself. Putting the deactivated access/ID badge 
onto a stop list provides security and law enforcement personnel with a tool to 
help determine that a person is not in possession of valid access/ID media. Only 
one badge should be issued to each person unless that individual also is employed 
with another airport tenant, in which case two badges—or more depending on the 
number of jobs the individual has—are generally acceptable. 

Badges must have an expiration date within two years of issuance, but some 
airports require annual reissuance or renewal. Temporary badges can be issued at the 
discretion of the ASC. Individuals receiving temporary badges must still pass the 
credentialing process, and the airport must retrieve the badge when the user no 
longer needs it. Temporary badges work well in situations where an individual 
already has passed a CHRC at another airport, air carrier, or government organiza- 
tion and will be temporarily assigned to the airport (eg, air carrier mechanics brought 
in for specialized maintenance or government inspectors and agents brought in for 
special projects or to cover employees on leave), or for construction personnel who 
are on projects for less than two years, or less than what is dictated in the ASP. 

ASCs must conduct routine audits of issued badges and maintain a high per- 
centage of accounted-for badges, or the TSA may require all airport badges to be 
reissued or revalidated. Revalidation generally involves everybody who has been 
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issued a badge returning to the badge issuance office to have his or her identity 
verified and to ensure he or she is in fact in possession of a badge. 


TRAINING 


Individuals with SIDA access must be trained in SIDA-specific policy and proce- 
dures. This training must be completed before an airport ID badge is issued for 
SIDA access. Subjects that must be included in the training are as follows: 


. Policies on unescorted access authorities 

. Control, use, and display of access media 

. Escort and challenge procedures 

. Security responsibilities as identified in Title 49 CFR Part 1540.105 
. Protection of SSI 


aRWND — 


Those who only need access to the AOA must be provided with security infor- 
mation, and not necessarily trained, although it is common practice to provide 
security training to those needing only AOA access for better overall security. 
Airports provide security information in a variety of ways: smaller airports may 
simply brief new personnel on their security responsibilities; medium and large 
airports may use computer-based training programs such as that available from 
AAAE. 


CHALLENGE PROGRAM 


Under the security regulations, anyone issued an airport identification badge must 
not only wear the badge whenever in the SIDA but must verbally challenge any- 
one seen without the appropriate badge. Should the person challenged refuse to 
show, or cannot produce, the appropriate media, the challenger must immediately 
report that individual to airport security or law enforcement personnel (or other 
entity per the ASP). ASPs often include incentive-based testing programs to 
encourage the challenge program. At times, a person authorized by the ASC pur- 
posely does not wear a badge in the SIDA. If challenged, a prize is awarded; if 
unchallenged by a passerby, a warning is issued. An airport and the TSA can 
issue violation notices and take enforcement actions against anyone failing to 
challenge someone without a badge. This type of testing must be specified in the 
ASP to be approved by the TSA. 


ESCORTING PROGRAMS 


The process of escorting involves individuals with unescorted access authority to 
the SIDA escorting individuals without such authority. Title 49 CFR Part 1542 
states that escorted individuals must be continuously monitored or accompanied by 
the escorting individual. Each airport has discretion to interpret how this regulation 
should be applied in its facility. Some airports allow only one escorted party per 
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one individual (1:1 ratio) with an airport ID badge. Airports typically have any- 
where from a 1:1 ratio to a 1:15 ratio. This definition is also subject to wide inter- 
pretation. Some airports use a distance qualification rather than the number of 
escorted parties (eg, within 5 ft, within 10 ft). The actual determiner is completely 
up to the airport operator, subject to TSA approval through the ASP. Aviation secu- 
rity practitioners should keep in mind that the airfield can be a large and noisy 
environment; the ability to control an escorted party can change depending on air- 
craft movements, weather and visibility, and whether it is day or night. 

Construction on airports can push the boundaries of the escort policy. 
Construction activities often bring many unbadged workers into the SIDA and fre- 
quently with only a few badged individuals to watch over them. Some airport 
operators include within their ASPs the provision that construction personnel can 
be escorted by fewer authorized individuals provided that the construction area is 
demarcated by some type of physical barrier such as a snow fence or a temporary 
chain-link fence. 


TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL 


The Transportation Worker Identification Credential (TWIC) program is a TSA 
and US Coast Guard initiative. The TWIC program provides a tamper-resistant 
biometric credential to maritime workers requiring unescorted access to secure 
areas of port facilities, outer continental shelf facilities, and vessels regulated 
under the Maritime Transportation Security Act (MTSA), and all US Coast Guard 
credentialed merchant mariners. An estimated 750,000 individuals will require a 
TWIC. To obtain a TWIC, an individual must provide biographic and biometric 
information such as fingerprints, sit for a digital photograph, and successfully 
pass an STA conducted by the TSA. 

While TWIC may be implemented across other transportation modes in the 
future, the TWIC Final Rule, published in the Federal Register January 25, 2007, 
sets forth regulatory requirements to implement this program in the maritime mode 
first. Some TWIC cardholders have insisted that their card provides them access to 
an airfield SIDA, but this is only the case if an ASC has authorized the TWIC as an 
acceptable alternate form of ID within the ASP, which many have not. 

Before 9/11, there was concern from the pilot community about the feasibility 
of being issued a universal access/ID badge that would work at any airport. The 
concept became known as universal access control, and the TWIC card seems to 
represent the post-9/11 manifestation of that. The primary challenge to creating a 
universal ACS was that many large and medium commercial service airports have 
a proprietary PACS. Because of the security-sensitive nature of these systems, 
many are not designed to be accessed from outside their own airport network. This 
is part of the basic cybersecurity protections of the system. An access/ID badge at 
one airport is not compatible with an access/ID badge at another. Further, ASCs 
are responsible for the access/ID badges that are issued at their airport or of which 
the usage is allowed by a second party (such as an air carrier) as identification in 
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their SIDA. Therefore, ASCs are understandably concerned about the quality and 
integrity of the background check of any individual who has received an access/ID 
badge but did not go through the normal CHRC process. These two realities will 
make implementation of the TWIC card into the aviation industry very difficult. 

Requiring all airports to redesign their PACS to read a new form of access/ 
ID media would cost millions, if not billions, of dollars. If TWIC cards are ever 
issued it is very likely that they would be for background clearance identifica- 
tion; separate PACS cards would still be issued at individual airports. Airports 
see this as an expensive endeavor that will slow the credentialing process and 
take away the airports ability to adjudicate criminal records of badge applicants. 
The addition of biometrics to the TWIC is an added layer of security intended 
to prevent or mitigate this issue, but does not solve the access/ID background 
check issue. 

The universal access control card is more a matter of convenience 
than security. A universal access control access/ID badge actually creates 
additional security concerns; if an access/ID badge is stolen, it could be used to 
access numerous facilities. If an airport access/ID badge is stolen, the access/ID 
badge will only work at a single airport. 

TWIC cardholders must undergo an STA conducted by the TSA and may not 
have been found guilty of a list of felonies, similar to the Title 49 CFR Part 
1542.209 CHRC process. When the MTSA introduced TWIC, airport operators 
feared being required to spend money on a new security ID system when an 
effective system was already in place. However, the maritime, trucking, and rail 
industries lack the formalized and time-tested access/ID systems of commercial 
service airports, and there has been a great deal of effort to bring TWIC to those 
industries. TWIC cards are being tested at a few US airports where marine opera- 
tions exist as well. 


CONTINGENCY PLANS AND INCIDENT MANAGEMENT 


Airports are required to have contingency plans to respond to increases in the 
National Terrorism Advisory System (NTAS), which replaced the previous 
Department of Homeland Security Alert System (the color-coded alert levels), 
and to specific incidents of unlawful interference with aeronautical activity. 
Airports with complete or supporting security programs must have contin- 
gency plans and must implement them when directed by the TSA. These airport 
operators must also exercise their contingency plans as specified within their 
security program (usually one tabletop exercise a year with one full-scale exer- 
cise every other year). All parties involved in the contingency plans must know 
their responsibilities, which mean periodic meetings with those entities 
involved in the plans and ensuring point-of-contact information is continually 
updated. The TSA can approve alternative contingency measures, which still 
provide an overall level of security equal or greater than that of the measures 
in the security program. The TSA can also approve alternatives to exercises in 


Airport PACS 


the contingency plan, such as when an airport has actually implemented a 
contingency plan because of a real-world event. 

NTAS communicates information about terrorist threats by providing detailed 
information to the public, government agencies, first responders, airports and 
other transportation hubs, and the private sector, rather than vague references to a 
potential threat and a color-coded system that was roundly criticized as being 
ineffective. NTAS alerts are issued only when there is credible information of a 
threat, and the alerts contain a sunset provision, a specific date they are automati- 
cally cancelled, thus eliminating “blanket” warnings. 

Prior to 9/11, airports used a system known as AVSEC, aviation security con- 
tingency, to know what measures and equipment are necessary when the FAA 
increased the security measures at an airport. There were four basic levels, plus 
additional special-circumstances levels (measures) that could be added in. When 
the FAA would increase security from normal to AVSEC 1, then each ASP had 
within its contingency plan section certain measures to take, such as increased 
law enforcement patrols or random vehicle inspections (most actions are SSI). 

After 9/11, DHS implemented the color-coded Homeland Security Alert 
System, which used five colors to designate the alert level for the United States. 
Like with AVSEC, each level called for certain measures to be taken by airport 
operators and air carriers. While there were five levels, the country never went 
below yellow and airports almost immediately went to orange and stayed there 
for several years. The colors served the same purpose as the AVSEC levels previ- 
ously served. 

Under the new NTAS, airports and air carriers must convert their previous 
AVSEC plans to match the new threat levels. However, NTAS only issues two 
types of alerts: imminent and elevated. Imminent warns of a credible, specific, 
and impending terrorist threat against the United States. Elevated warns of a 
credible terrorist threat against the United States. Since there are fewer levels 
of alerts than there were color-coded levels, ASCs work with their FSD to 
modify existing contingency plans to meet the new NTAS standards. 
Additionally, under NTAS some alerts may be sent directly to law enforcement, 
certain government areas, or affected areas of the private sector, while some 
alerts will be issued more broadly to the American people through official and 
media channels. 

The AVSEC program allows airport operators to better prepare for increased 
security measures.~” By outlining what the airport operator is required to do when 
the NTAS changes and having the TSA previously approve those actions, the air- 
port operator can better project and acquire needed resources and plan for 
increased funding and staffing levels. An additional benefit of the AVSEC system 
is that the airport public relations department is part of the AVSEC process, so 
that whenever the next AVSEC level calls for additional procedures, some of 





20 Aircraft operators have similar contingency programs, which also increase with increases in the 
NTAS. 
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which may impact passenger flow, the public can be briefed on what to expect in 
terms of adjustments. 


INCIDENT MANAGEMENT 


Airport operators must establish procedures to evaluate bomb threats, threats of 
sabotage and aircraft piracy (hijackings), and other security incidents as specified 
by the TSA. When an airport operator receives such a threat, it must evaluate the 
threat based on the information presented and any other protocols in the ASP. 
The airport must then initiate the appropriate response as outlined in the airport 
emergency plan under Title 14 CFR Part 139.325. The TSA must immediately be 
notified of any act or threat to aviation. Every year, airport operators must review 
the responsibilities outlined in the incident plans with all entities that are part of 
the plan. The difference between what constitutes a contingency plan and an inci- 
dent management plan can be confusing. However, in the TSA’s vernacular, it is 
helpful to think of contingency plans as those plans that are required to be devel- 
oped and implemented when the DHS increases the NTAS, while incident man- 
agement plans are those plans the airport implements when an actual threat or 
attack has occurred. 

When discussing contingency planning and incident command, it is important to 
remember that neither is to be done in a vacuum. Contingency planning is the respon- 
sibility of both the airport operator under Title 14 CFR Part 139 and the ASC under 
Title 49 CFR Part 1542. The airport operator and the ASC must work with other 
agencies, onsite and offsite (fire department, paramedics, law enforcement, adjacent 
agencies, FBI, etc.), to develop and successfully implement their contingency plans 
and incident management plans, taking into account mutual aid responses, nongov- 
ernmental organizations, and the National Incident Management System protocols. 


PUBLIC ADVISORIES 


Airports must post signs advising the public when the secretary of the US 
Department of Transportation has determined that a foreign airport does not meet 
requirements for administering effective aviation security. These signs are usually 
posted at the security screening checkpoints. This practice is part of the State 
Department’s program to protect US citizens flying to foreign destinations. The 
program was initiated in 1978 when the United States, in the interest of protecting 
its citizens, desired more control over the aviation security programs of foreign 
airports. Additionally, the TSA requires airport operators to make announcements 
for passengers to not leave bags and vehicles unattended, and other announce- 
ments related to the screening process and the reporting of suspicious activity. 


Incident Management 


BIOMETRICS AND PERIMETER SECURITY PRIMER 


Biometrics 


Biometrics is often used as a credentialing technology because its authentication 
can be linked to the individual, thus protecting a user against unauthorized use of 
his or her identity (SC-224, December 15, 2015, p. 7). Presently, unless there is a 
biometric, the regulations stipulate only one method of verification (ie, the badge) 
to access 1542.207(a) an airport door. 

Biometric technology is an automated method to determine the identity of an 
individual. Technologies include fingerprint recognition, iris recognition, face rec- 
ognition, speaker recognition, hand geometry, and vascular/vein pattern recogni- 
tion. Access can be denied or granted based on the use of biometric information, 
which can be encoded within the carried credential of the person requesting 
access to a particular area or stored in a central server. Systems are differentiated 
by their resilience, particularly in harsh airport environments, their performance 
(speed and accuracy), and their ability to avoid being circumvented (Price and 
Forrest, 2015, pp. 139). 


Types of Airport Biometrics 

1. Fingerprint Recognition uses the physical structure of an individual’s 
fingerprint for recognition purposes. 

2. Hand Geometry Recognition uses the physical structure of an individual’s 
hand for recognition purposes. Sensors measure the length, thickness, and 
other measurable characteristics of all five fingers. 

3. Facial Recognition uses a two-dimensional or three-dimensional image of the 
visible physical structure of an individual’s face for recognition purposes. 

4. Iris Recognition uses an image of the physical structure of an individual’s iris 
for recognition purposes. 

5. Voice Recognition uses an individual’s speech, a feature influenced by both 
the physical structure of an individual’s vocal tract and the behavioral 
characteristics of the individual, for recognition purposes. 

6. Vascular Pattern Recognition uses near-infrared light to reflect or transmit 
images of blood vessels of a hand or finger for personal recognition (SC-224, 
December 15, 2015, pp. 46—47). 


PERIMETER SECURITY AND CCTV 


PIDS are security detection and surveillance assessment countermeasures, against 
physical security threats that augment other measures such as physical barriers 
and human patrols (SC-224, December 15, 2015, p. 119). 


Some U.S. airports have employed various types of sensor technology for perimeter 
intrusion detection, most have not. There are various reasons, but one prominent 
one is the perceived cost of acquisition, installation, and maintenance. Airports 
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that are in highly populated areas and/or have water abutting airport property 
tend to have a higher degree of intrusion protection, combining both physical and 
technology solutions. Additionally, many airports that need to operationally delin- 
eate inside airport boundaries between AOA and SIDA and/or Secured Areas have 
used technology such as virtual fence (smart motion detection), buried and above 
ground sensors in addition to physical access control systems. 

SC-224, December 15, 2015, p. 122 


In the last several years, numerous perimeter intrusions at airports have 
occurred—from a person stranded on a jet ski who swam to the shoreline of JFK 
airport, jumped the fence and walked to the terminal building, to a stowaway who 
successfully jumped the fence at the San Jose Airport and made it all the way to 
Hawaii in a wheel well, to intoxicated gate crashers at Sky Harbor and even a 
regional jet pilot suspected of murder, crashing an aircraft at the St. George 
Airport in Utah (Price and Forrest, 2015, p. 141). Essentially, the four types of 
PIDS are virtual fence, fence mounted, embedded smart fence, and video. 


1. Virtual fence systems include microwave sensors, photoelectric transceivers, 
ground-based radar, and buried and seismic sensors. These can include 
microwave sensors, photoelectric sensors, or ground-based radar (Price and 
Forrest, 2015, p. 141). 

2. Fence-mounted PIDS involve a cable or sensor mounted on the airport fence 
that senses a disruption in order to trigger the alarm. Fiber optics cables, 
microphonic sensors, and electrostatic sensors are common systems (p. 142). 

3. Embedded Smart Fence uses taut wire to detect movement or an electric fence 
that sends a charge of electricity to whoever touches it (p. 142). 

4. Video PIDS includes the application of software to CCTV systems or thermal 
imaging. Once the video detects motion it runs an algorithm to determine 
whether it is a threat or a nonthreat (such as animals or blowing debris) 

(p. 143). Intelligent video can also “associate” behavior or events, including 
events detected by other sensors such as infrared (thermal) imaging cameras and 
ground surveillance radars, to further aid security operations. Intelligent video has 
numerous security applications, particularly on airport perimeters where CCTV 
cameras can observe large areas without constant human monitoring. Some 
systems are in development that can detect nonmovement and thus alert airport 
security if an object or vehicle has been left unattended for too long. 


Drones and remotely operated unmanned vehicles are other types of PIDS used 
by the US military. The Mobile Detection Assessment Response System (MDARS) 
is mobile and uses multiple detection systems, including Forward Looking Radar, 
RFID, Radar and Light Detection, and Ranging sensors to avoid running into obsta- 
cles and to detect individuals at up to 200 m. Additional infrared and full-color 
cameras allow users to detect objects. MDARS can be controlled by a user operat- 
ing the cameras and using a joystick or gaming controller, or the system can move 
autonomously through preset functions and paths (Price and Forrest, 2015, p. 143). 


Incident Management 


It is uncertain whether unmanned aerial vehicles will ever be approved as perimeter 
security platforms due to the potential conflict with air traffic. 

The Safe Skies Alliance provides excellent guidance on PIDS systems and can 
often assist airport operators in determining what kind of system would be suit 
their needs. Also, it is important to remember that no system is perfect, as demon- 
strated by the PIDS installed at JFK airport, which apparently failed to detect an 
intrusion by a jet skier, who found himself out of fuel and stranded in Jamaica 
Bay. He swam to shore, scaled the airport perimeter fence—the PIDS did not trig- 
ger an alarm, and the employee was eventually stopped by an airline ramp 
worker, as he was attempting to access the building. Every ASC should always 
remember that no system is perfect. 


Applications for CCTV 


CCTV has numerous security applications. It primarily provides a low-cost 
(compared to human monitoring) surveillance option that is also a visual record 
of events. Within aviation, CCTV has a wide variety of applications including 
surveillance over the following: 


Terminal and public areas 

Landside passenger pickup and drop-off areas 
Cargo and loading dock areas and perimeter gates 
Baggage-handling areas”! 

Perimeter fence areas 

Fuel farm and remote storage areas 

Passenger and employee parking areas 

Concourse and gate area access points 


Sr OaRWNn> 


Although CCTV can be used in a wide variety of applications, its operation is 
affected by a number of performance factors: The performance of a surveillance 
system depends on a number of factors including the characteristics of the object 
to be observed (eg, its size, reflectance, and contrast); local environmental condi- 
tions (eg, atmospheric clarity and scene illumination); camera characteristics 
(eg, detector size, sensitivity, and resolution); characteristics of the camera objec- 
tive lens (eg, focal length and relative aperture); characteristics of a display or 
monitor (eg, resolution and contrast); and the ability of the human eye to resolve 
target details (which also depends on whether this is done in daylight or at night) 
(TSA, 2006, p. 162). 

Of these criteria, one of the most important in aviation security is the overall 
resolution of the image along with its field of view. The resolution capability 
depends on how a particular CCTV camera is being used. Fixed cameras over an 
access control door or a sterile area checkpoint should provide enough resolution 
to identify the individual who has breached security. CCTV cameras in use at a 
baggage screening checkpoint, where the purpose of the camera is to deter theft 





?IThis form of surveillance is frequently used for employee theft prevention. 
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of items within a passenger’s bag, may need a high enough resolution to identify 
objects within a piece of luggage for it to be admissible as evidence in a court of 
law. Digital cameras are becoming the industry standard for their resolution and 
the ability to store tons of data on hard drives, rather than videotapes. 

CCTV placement will depend on factors including lighting and the purpose of 
the camera: a fixed camera watches over a fixed area such as an access control point; 
a PTZ camera offers a wider field of view, the ability to move the camera, and a 
zoom capability. Lighting is particularly important in placing a CCTV camera. Some 
cameras can have filters installed that allow better resolution in low-light conditions. 
Lighting conditions often change throughout the day, requiring the use of additional 
cameras or variable aperture lenses that can adjust to accommodate the lighting level. 
In some situations, such as at night or in dimly lit interior areas of the airport, it may 
be advantageous to use CCTV cameras with infrared capability. 

Ideally, all access control points and sterile area screening checkpoints should 
be fitted with CCTV cameras. At larger airports, this means the purchase, installa- 
tion, and integration of hundreds or thousands of CCTV cameras. PTZ cameras 
should be used throughout the public and sterile areas to monitor passenger move- 
ments. PTZ cameras should be placed on the exterior building areas of the airfield 
to monitor the airfield for security purposes and to provide on-scene imagery of 
aircraft incidents. CCTV cameras over fixed access points are often tied directly 
to the ACS. When a door goes into alarm at an access control point, the CCTV 
camera associated with the point automatically activates and begins recording. 
The TSA’s Recommended Security Guidelines for Airport Planning, Design, and 
Construction provide additional guidance to airport operators on how to measure 
the resolution and overall effectiveness of CCTV systems. 

Control of CCTV cameras and storage of recording information is often a func- 
tion of the SOC. Storage of images from analog recorders is usually on videotape. 
More modern systems use digital cameras and store the information on digital 
video recorders. In some systems, video analog imagery is received from analog 
video recorders and then digitized. The type of system—analog/tape, digital, or 
tape-to-digital—depends on the funding available for the CCTV system and other 
requirements, such as the desire to meet a higher security standard. The costs of 
CCTV systems can increase significantly depending on the use of the system, such 
as incorporating motion detection or the ability to discriminate between human and 
vehicle, animals, trees, or other nonthreatening object movement. 


Other methods to secure the perimeter 


Random perimeter patrols are an important part of perimeter protection, as the 
visibility of a human patrol layer of security is an excellent deterrent to criminal 
and terrorist activity. Airport operators can ensure that patrols are frequent and 
random using technology and operational tactics to track and analyze the physical 
patrols, such as using guard checker devices, GPS and communications, and situa- 
tional awareness from the SOC (SC-224, December 15, 2015, p. 123). 


Incident Management 


Another important consideration for perimeter security is routine maintenance 
of fences and a work order system that puts a priority on security-related issues. 
Airport operators should inspect the integrity of the fence; ensure vegetation is 
trimmed so it does not damage the fence or provide a place of concealment for an 
individual to cut through the fence undetected; ensure wildlife do not burrow 
under fencing or chew threw fiber optic lines used to communicate with airport 
PIDS or detecting technologies; and conduct routine, vigilant maintenance of all 
elements of the PACS (SC-224, December 15, 2015, p. 123). 

Another challenge to airport operators is protecting the airport perimeter while 
considering the surrounding environments, which vary widely at US airports as 
shown by the following examples. Newark Liberty International Airport is bor- 
dered by maritime shipping and trucking facilities, which increases the overall 
security sensitivity as several transportation nodes, and thus targets of opportu- 
nity, are in close proximity. An attack on a port or shipping facility at Newark is 
likely to affect the airport as well. San Francisco International and Boston Logan 
International airports are predominantly bordered by water, which requires the air- 
ports to consider perimeter defenses other than the standard perimeter fence. 
Denver International Airport is located on a massive parcel of land, and it can 
take well over an hour for a security guard to drive the perimeter road, which is a 
challenge to the airport security department. San Diego’s Lindberg Field is next 
to the US Marines recruitment depot. It, along with other airports located on or 
near military airfields, is in a symbiotic relationship with the military airport; 
should something detrimental happen to one, it may affect the other. Houston 
Bush Intercontinental Airport is surrounded by trees, which may conceal attackers 
approaching the airport. 

Two airports in particular, Boston Logan International Airport and Houston 
Bush Intercontinental Airport, are notable in the field of aviation security because 
both airport operators have taken unique approaches to perimeter security. Much of 
Boston Logan International Airport is surrounded by water, but one of the primary 
challenges that the airport faced after 9/11 is that the water that surrounds the air- 
port is also home to a thriving clam fishing industry. For many generations, clam 
fishers (known as “clammers”) have been fishing the shores near what is now the 
Boston Logan International Airport. After 9/11, government officials suggested 
that clammers be removed from the proximity of the airport because their business 
activity interfered with the airport’s ability to maintain security. To the 
Massachusetts Port Authority’s credit, officials determined that who better to know 
who should and should not be allowed into those shores than those who have spent 
careers in the area. The airport could have prohibited clamming operations but 
chose to make the clammers part of the security solution by providing security 
awareness training with phone numbers to call if they spotted suspicious activity. 
This is an example of a mitigation strategy that created allies instead of enemies. 

Houston Bush Intercontinental Airport faces the potential challenge of a 
criminal or terrorist using the heavily wooded areas around the 11,000-acre 
airport for concealment to fire a rocket or attempt to penetrate the airfield 
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FIGURE 5.12 
D-Fence product in place at Ben Gurion International Airport in Israel. 





perimeter. The airport has taken a variety of measures to mitigate or prevent 
these types of attacks. One of the first measures was to commission “airport 
rangers,” a group of citizen volunteers who ride horses in areas surrounding the 
airport and report suspicious activity. Each ranger is given a background check 
and provided with security awareness training. This is another example of work- 
ing with the community rather than against it. The airport also is experimenting 
with a variety of perimeter security measures including ground surveillance 
radar and smart CCTV video imaging. 

Israel’s Ben Gurion International Airport, in addition to being heavily protected 
with a barbed-wire primary perimeter fence encircling the entire airport property 
(including landside and the terminal), has a delaying fence similar to that in place 
at many US prisons. The final defense layer for the airport is a perimeter fence built 
by D-Fence, which manufactures wrought-iron fencing designed for airport secu- 
rity concerns (Fig. 5.12). The fence is equipped with numerous motion sensors and 
smart software to distinguish between nuisance alarms (animals, weeds, and other 
nonthreatening items blowing against the fence). The alarm monitoring station is in 
the security control center. When a motion alarm is triggered, a CCTV camera pro- 
vides an image of the location of the alarm, and security units can be dispatched if 
necessary to investigate the disturbance. 


Conclusions 


CONCLUSIONS 


Airports serve as transit points for millions of passengers every day. Therefore, 
airport security is the central concern within the aviation security system. ASPs 
and related systems protect access to aircraft on the ground. The airport serves as 
a critical line of defense, ensuring that passengers and baggage do not possess or 
contain prohibited items capable of destroying aircraft. 

The ASP is an essential document used to describe how the airport will protect 
its infrastructure, the aircraft within its airfield, and the traveling public. The ASC 
is the individual responsible for ensuring that the airport complies with TSA regu- 
lations and the ASP and for protecting the airport from unlawful acts of interfer- 
ence. Airport security centers on controlling access to sterile areas and airside 
areas. Various components are involved in ACS, including physical barriers, com- 
puterized control systems, employee security training, and other methods that all 
contribute to providing a layered airport security system. 





BUSY TIMES AHEAD FOR THE ASC OR DIRECTOR? 


Lori Beckman, A.A.E., A.C.E.-Security 
Aviation Security Consulting, Inc. 


In the early 1990s airport security started morphing into what it is today. Security requirements 
became more structured and regulated and for about a decade expectations between airports and 
the regulatory agency at the time, FAA Civil Aviation Security, were fairly routine and even 
though there was intelligence that showed things were going to change. Incidents such as the 
bombing of Pan Am 103 that were the start of the significant changes that were coming. 


Regulatory Requirements 

Post-9/11 security expectations have been all over the board as the current regulating agency, the 
TSA, has developed and changed as an Agency. In the pre-9/11 years the proposed rulemaking 
process was very straight forward and the majority of changes were promulgated through the 
regulatory process. Post-9/11, initially the FAA and then TSA, issued SDs to meet the current 
threats, but did not understand the long-term impact of these “temporary” measures that in some 
cases have not been amended into ASPs and remain standalone with their supporting procedures 
outside the ASP. A few years after 9/11 with some pressure from airports, the TSA attempted to 
issue an ASP amendment that would encompass the SDs that needed to be made a permanent part 
of the ASP. Unfortunately, items that were not necessarily in the current SDs were added and the 
airport industry asked for further review. The In-depth Security Review Committee (IDSR) was 
born. The IDSR was comprised of representatives from the TSA policy and legal staff, and trade 
associations, the AAAE and Airports Council—North America. The IDSR was tasked to review 
the various SDs and recommend ASP amendments and eventually move all the remaining SD 
items into one SD. 

This group was successful for several years until some staff moved around and then lost its 
effectiveness. The goal was never reached to consolidate down to one SD. So sitting here in 2016 
airports still operate under an ASP, SDs, and more recently, and an Informational Circular 
environment, which does not lend itself to coordinated security efforts and leaves opportunities 
for failures within aviation security because of all the moving parts and various places where 
security procedures can exist and need to be referenced. The IDSR has morphed into the 
Quarterly Security Review (QSR), however as of this publication has not produced any 
proposed changes. 
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Physical Access Control/Identity Management 

The early 1990s was also when the requirements for commercial service airports to install PACS 
became mandatory. At the time access control was new, especially in an airport environment with 
specific requirements such as the ability to immediately delete an individual’s access and to limit 
individual access to airport secured areas by time and date. Many of the systems that were 
installed have been updated over the years and/or completely replaced. However, there are many 
PACS that have not been replaced since that time and are nearing and exceeding 25 years of life. 
Today’s shelf life of a PACS is about 15 years so many systems are in a precarious position and 
airports are budgeting for designing and replacing their PACS. In an airport environment with 
thousands of badges issued to many different kinds of airport employees, the design process must 
be well thought out and organized. 

As PACS are replaced and in some cases apart from, airports are looking to IDMS to replace 
traditional badging systems. IDMS vendors can integrate with the majority of the existing PACS 
on the market. An IDMS allows the airport to comply with issuance and audit requirements 
through rules based programming. IDMS allows airport security staff to spend more time 
providing security by interacting with badging customers and less time with their heads down 
typing in data. IDMS systems push the data entry to the Authorized Signatory for new badge 
applicants and a simple click of a link to submit a badge renewal application. It will allow the 
airport to better comply with potential requirements from the Aviation Advisory Security 
Committee recommendations in the future. 


Biometrics 

Although the TSA has not required biometric entry devices, airports should give thought to how 
they would integrate or add a biometric entry to an existing system or design biometrics into new 
systems. The more airports are proactive in this area, the more likely the TSA will not require 
biometrics anytime soon. Many airports are concerned that they would install a biometric system 
and then the TSA would instill requirements that their system might not meet. While this should 
be in the back of the airport security director’s mind, it does not make sense to ignore the issue, 
especially when designing a new PACS. Best practice is to design for the future with scalability 
and best practices from those airports that have already installed biometrics. 


Improved Technology to Address Insider Threats 

Most technology vendors need help defining the technology that would be useful to help airports 
meet the various screening/inspection requirements. Airports should give consideration to what 
devices/technology would reduce their costs and increase the level of security provided and share 
with vendors and the trade associations. 


Insider Threat 

Insider threat has always been a concern and events highlighted over the past few years 
demonstrate the issue is not going away and possibly escalating. Internet access with smart 
phones and social media has opened up a new world of vulnerability, both from terrorist and 
crime recruiting techniques to threats to technology. Airports should look to technology to aid in 
tracking trends and behaviors that may lend to insider threat issues. 


Internet of Things (loT) 
Airports should be aware of all the devices that are, will or can be connected to the Internet of 
Things. 

Understanding how the devices can connect and ensure that mitigation steps are in place to 
prevent intrusions and theft of information, cheating on tests, etc. 
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Behavior Recognition Training 

The time has come where airports should give serious consideration to training key staff in 
Behavior Recognition. Ideal candidates for training are supervisors, managers, HR staff, etc. 
An airport can no longer make the assumption if the employee works for the governing agency 
they cannot be corrupted. Ensuring key personnel can recognize baseline behaviors and slight 
deviations is critical to mitigating insider threats. 


Baggage Screening 

Immediately after 9/11 explosive detection systems (EDS) for checked baggage was required. 
Many airports inserted stop-gap EDS equipment in their lobbies and eventually moved the EDS 
equipment downstairs, inline, and out of sight. At that point many airport security directors 
somewhat disengaged from the operation and turned it over to engineers and vendors that provide 
the operational support. 

The time has come for airport security directors to reengage as the equipment is being 
replaced by the TSA. It is also important for the airport security director to understand the 
certification process for new equipment and the implications of moving from standard speed 
systems, to medium- and high speed and what that means for the overall infrastructure and 
conveyer systems. The installation or upgrading of EDS is very sophisticated and requires 


adequate understanding and planning. 
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Introduction to screening 


OBJECTIVES 


This chapter will give you further insight into the functions and processes of 
screening in the aviation security system. The fundamental design elements 
inherent with screening checkpoints and emerging issues, such as checked-baggage 
screening, cargo screening, and inspection and aviation employee screening, are 
included. This chapter also describes the roles of the Transportation Security 
Administration (TSA) and airport and aircraft operators as related to screening. 


INTRODUCTION 


Passenger and baggage screening has been the cornerstone of the aviation security 
system for over four decades. Screening has the highest visibility and is the most 
scrutinized component of the aviation security system, and of all the layers within 
the system, screening is the most personally intrusive but also one of the most 
effective at deterring attacks. The term screening can encompass many different 
meanings. The physical inspection of individuals and property using technology 
is the most commonly understood form of screening; however, other forms of 
screening are routinely used. Screening could also include a criminal history record 
check (CHRC) of airport personnel, matching a passenger’s bag in the cargo hold 
to the passenger in the cabin, or employing the known-shipper cargo security 
program as a form of screening. Security screening extends beyond the inspection 
of passengers and their baggage. Cargo screening, computerized prescreening of 
travelers, and profiling are all included in the screening process. 

Security screening is intended to prevent hijackings, bombings, weapons, 
incendiaries, or other dangerous objects from being brought on board a commer- 
cial aircraft. Screening is carried out on ticketed passengers, visitors in an 
airport’s sterile area, certain airport and airline employees, concession employees, 
and vendors. 

Screening passengers and carry-on baggage started in the early 1970s as a 
way to deter the numerous hijackings occurring at the time. Through legislation, 
airlines were assigned the responsibility for the screening function. This 
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responsibility remained with the airlines until shortly after 9/11, when it was trans- 
ferred to the TSA. However, from a regulatory perspective, aircraft operators 
remain responsible for ensuring that no person or piece of property (bag or cargo) 
is allowed onto their aircraft without proper screening. Federal transportation 
security regulations specify that it is the aircraft operator’s responsibility to ensure 
that the screening has been done. Therefore, in the United States the TSA or a con- 
tract company under the Screening Partnership Program (also known as Opt-Out) 
provides the screening service, while foreign governments and foreign contractors 
provide screening for US flights overseas. 

There are four major screening areas: passengers, carry-on baggage, checked 
(or hold) baggage, and cargo. Checked-baggage screening did not start until 
the mid-1980s and only for Canada, and by the late 1980s, for the United 
Kingdom. The International Civil Aviation Organization (ICAO) holds checked- 
baggage screening as a fundamental part of any security program (Shanks and 
Bradley, 2004). 

Canada initiated their checked-baggage screening program after the 1985 Air 
India bombings; Great Britain after the bombing of Pan Am Flight 103. The 
United States implemented 100% checked-baggage screening after the passage of 
the Aviation and Transportation Security Act (ATSA, 2001). Some checked bags 
were screened prior to 9/11 in the United States, mainly those of passengers who 
were selected for additional scrutiny under the Computer-Assisted Passenger 
Prescreening (CAPPS) program, however, the number of screened checked bags 
was still less than 5% of all checked bags in the United States (Shanks and 
Bradley, 2004). 

Cargo screening is one area that has historically received little attention, 
domestically or worldwide. Before 9/11, the United States and much of the world 
did not screen cargo in the way that passenger baggage is screened (eg, X-ray, 
EDS, ETD). Items accepted as cargo are those to be carried onboard a commer- 
cial aircraft without being accompanied by the individual or a representative of 
the entity shipping the item. Most cargo is accepted in a separate air cargo facility 
for each air carrier; however, some cargo is accepted at the ticket counter. 
Airlines use a shipping document, an air waybill, for shipping cargo. This is a 
contract between the shipper and airline stating the terms and conditions of 
transportation, shipping instructions, a description of the commodity, and trans- 
portation charges. Items accepted and treated as checked baggage accompany the 
owner on the same flight and do not have an associated air waybill. According to 
Shanks and Bradley, “the lack of cargo screening is a global dilemma” (Shanks 
and Bradley, 2004, p. 41). Until recently, the primary air cargo security program 
has been the known-shipper program. The passage of ATSA 2001 brought the 
industry’s attention to the issue of cargo screening. In 2007, the Implementing 
the Recommendations of the 9/11 Commission Act required 100% screening 
of all air cargo that is shipped on commercial airliners in the United States. Cargo 
must by physically inspected, which includes the use of X-ray and canine and 
explosive trace detecting technologies. 


Evolution of Screening in the United States 


EVOLUTION OF SCREENING IN THE UNITED STATES 


Initial passenger and carry-on baggage screening programs were designed to detect 
items commonly used by hijackers. The first passenger and baggage screening 
systems were designed to detect guns and hand grenades, carried either on an 
individual or in carry-on baggage. In the early 1970s, airline bombings were so 
infrequent they were not considered a significant threat, and thus, no programs 
were implemented to prevent or deter such attacks. ' 

In 1973, walk-through metal detectors (WTMDs) were installed at airports to 
detect whether an individual was carrying a gun or hand grenade.” Conventional 
X-ray machines, which X-ray an object from only one angle, were used to detect 
weapons and explosives in carry-on bags; neither device actually “detected” 
weapons or explosives. WTMDs sounded an alarm when metal was detected 
within its magnetic field. A security screener then investigated whether the 
individual possessed a weapon or had a nonprohibited object such as a belt 
buckle, steel-shoed boots, car keys, and loose change. X-ray systems only 
provided an image of the objects within a bag leaving the interpretation of the 
imagery to the X-ray operator. 

Often, screeners would use metal-detecting hand-wands to conduct a secondary 
screening. During secondary screening, passengers were asked to roll up shirt- 
sleeves (to reveal a watch) or to remove a belt. These secondary screenings were 
not foolproof. Additionally, WTMDs do not detect plastic explosives. In the early 
1970s, plastic explosives were available only to the military and had rarely been 
used in any aircraft bombing; dynamite was the preferred explosive. Regardless, it 
was assumed that if an individual attempted to conceal a bomb on his or her person, 
he or she would be deterred by a WTMD, assuming the metal detectors would 
detect the metal components within a bomb (timer, wiring, blasting caps, etc.). It 
was thought that if an individual tried to sneak in a bomb in baggage, it would be 
detected by the X-ray operator. Conventional X-ray machines, however, could 
not detect explosives or weapons; they showed only the density of objects in the 
carry-on bags. Screeners had to judge whether the density of the object posed a 
threat or whether a physical search of the bag was warranted. 

As mentioned, security screening was an airline responsibility. Airlines usually 
subcontracted screening to an approved vendor, often by selecting the lowest bid. 
Before 9/11, contract screening companies were notorious for high turnover rates 
of staff and for hiring individuals who were less than qualified for the task. 
Because of these factors, numerous failures of the system occurred when under 





‘During the early 1970s, bombs were more commonly brought onboard aircraft as checked baggage 
rather than carried onboard by passengers. 

*Despite Hollywood movies, such as In the Line of Fire, where a character fashioned a plastic gun 
undetectable by metal detectors, a working plastic gun has yet to be made. The closest plastic gun 
is the Glock 17, an Austrian-made semiautomatic weapon that still contains 83% metallic parts. 
The CIA is rumored to have a ceramic pistol, although this cannot be verified. 
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airline control. From 1973 through the 1980s, airline-contracted screening compa- 
nies using WTMDs and conventional X-ray machines for passenger screening and 
carry-on baggage represented the traditional security screening system. During 
that period several aircraft were bombed using checked baggage as the means of 
introducing the bomb; undetectable plastic explosives were becoming more avail- 
able and being used. Hijackers were also using aviation employees to help bypass 
screening to hide weapons on targeted aircraft. Despite new strategies being used 
by terrorists, screening processes and technologies remained largely unchanged. 

The challenges of passenger and carry-on baggage screening are not new. In a 
1987 US General Accounting Office (GAO) report, the agency pointed out 
glaring inadequacies including a lack of performance standards set by the Federal 
Aviation Administration (FAA) and a lack of FAA enforcement authority related 
to aviation security screening. This assessment concluded that evaluation of the 
effectiveness of the screening programs was inadequate, and wide variations 
existed in the frequency with which test weapons were detected at screening 
checkpoints throughout the United States (GAO, 1987). In the GAO study, at 34 
US airports, the detection rate ranged from 48% to 99%. The average detection 
rate of the test weapons was 80%. 

US Congress passed the Aviation Security Improvement Act of 1990 (ASIA 
1990), which required the deployment of better screening technology by November 
1993. However, by 1997 the FAA still had not deployed such technology. This 
delay was due primarily to the technical problems slowing the development and 
approval of the explosives-detection devices. But we also found that FAA did not 
develop an implementation strategy to set milestones and realistic expectations or 
to identify the resources to guide the implementation efforts. 

ASIA 1990 also established a requirement for employee background checks 
for anyone with security identification display area (SIDA) access and for security 
screeners. However, little guidance was provided on the nature of the employment 
record check, and few employees underwent the check. 

Throughout the 1990s, airline lobbyists opposed new security measures or 
policies that could have increased security but also slowed passenger flow. 
Failure of the screening process was not entirely the fault of the airlines. The 
system was regulated and overseen by the FAA, which had the power to fine air- 
lines for failing to pass screening system tests but did not. According to Kip 
Hawley, former director of the TSA: A more subtle shortcoming of pre-9/11 secu- 
rity was how it discouraged responsibility in the face of failure. When something 
did go terribly wrong, the FAA could blame the airlines for providing insufficient 
security, while the airlines blamed the contractors for faulty execution. The con- 
tractors, in turn, claimed to have met the government’s “specific requirements” 
and pass the blame back to the FAA for not setting appropriate measures. The 
punch line was that all three of them could be right. But this was cold comfort for 
the families of dead passengers (Hawley and Means, 2012, p. 62). 

The FAA’s minimum performance standard for screeners was to detect 100% 
of the test weapons (GAO, 1987) whenever FAA inspectors conducted such tests. 


Evolution of Screening in the United States 


The punishment for a screener who failed a test was usually immediate dismissal. 
This, rather than being an incentive to not miss a prohibited item, was an incen- 
tive not to miss a test object and conditioned screeners to look more for the FAA 
test weapons than for actual weapons and explosives. 

The policy of immediate termination also affected employee morale. Rather 
than setting reasonable expectations and assessing the totality of the circum- 
stances surrounding a screener’s failure to detect a test weapon, screeners were 
simply fired. This policy did not develop better screeners but did hinder the abil- 
ity of the screening companies to hire personnel and drove down morale for the 
remaining employees. Additionally, screeners were trained using the same limited 
number and types of FAA test weapons and explosives, which were obvious 
representations of guns or hand grenades encased in plastic and difficult to miss, 
rather than a variety of realistic-looking weapons and devices. The TSA has cor- 
rected this issue by using computer-imaging technology capable of simulating 
images from a variety of weapons, explosives, and bomb configurations. 

In the 1990s, the FAA did not have a minimum training standard for screening 
personnel or performance or qualification guidelines for screening companies. As 
a result, screener training was inconsistent from one company to the next. The 
FAA fined airlines based only on the failure of screeners to find test weapons and 
explosives. The fines were transferred directly to the security subcontractor, 
which reduced the financial impact on airlines and the effectiveness of the fines. 
The fines the FAA did levy ended up being more a cost of doing business than an 
incentive to improve the performance of screeners. The FAA also did not allow 
the investigations conducted by their own red teams? to be used in civil actions 
against airlines or airports. 

In 1996, the Gore Commission recommended raising the professionalism of 
screening personnel. The commission recommended “development of uniform 
performance standards for the selection, training, certification, and recertification 
of screening companies and their employees” (Gore, 1997). Commissioner 
Victoria Diaz drafted the minority report on behalf of several commission mem- 
bers including family members of victims of Pan Am Flight 103, TWA Flight 
800, ValuJet Flight 592, and others. One family member, the widow of John 
Cummock, a victim of the Pan Am Flight 103 bombing, wrote a letter deriding 
the Gore Commission’s recommendations as being too vague, unenforceable, or 
useless and without appropriate funding mechanisms. Writing specifically on the 
recommendations to improve screening, Mrs. Cummock stated: This recommen- 
dation contains a number of admirable objectives but it, like its predecessor 
recommendation in President Bush’s Commission on Aviation Security and 
Terrorism, lacks teeth. Following President Bush’s Commission of Aviation 
Security and Terrorism and the follow-on ASIA in 1990, the FAA established 
standards for the selection and training of aviation security personnel. Those 





3Red teams are a common security and military term for inspection teams that use nonstandard 
methods to attempt to breach a facility or bypass some security measure, system, or procedure. 


ee 
269 


270 CHAPTER 6 Introduction to screening 


standards were, and still are, totally inadequate. There is nothing to prevent the 
same inadequate actions by the FAA to this recommendation. The Commission 
should specifically recommend that the FAA mandate 80 hours of intensive 
classroom/laboratory and 40 hours of On-the-Job training before performance 
certification for all airline security screening personnel (Gore, 1997, 3.10 
Recommendation). 

Another recommendation of the Gore Commission concerned the deployment 
and use of explosive detection system (EDS) technology, using computerized 
tomography* and explosive trace detection (ETD) technology, capable of detect- 
ing trace amounts of explosives on people or their belongings. A handful of EDS 
and ETD machines were deployed to the nation’s commercial service airports 
with the intent of using them for travelers selected under the CAPPS program or 
selected for secondary screening. The machines were rarely used as few indivi- 
duals were flagged under the CAPPS program for additional screening. When the 
1996 legislation was passed, neither the Gore Commission’s recommendations 
nor the concerns of the minority report to the Gore Commission were addressed. 

The Aviation Security and Antiterrorism Act of 1996 required that security 
screeners, and all other aviation employees with SIDA access, undergo a 10-year 
employment history check. If an individual could not satisfy the requirements of 
this check, then he or she would be required to undergo a fingerprint-based 
CHRC before being allowed unescorted access to SIDAs or to serve as a security 
screener. Reasons for being unable to pass the 10-year check were most often due 
to gaps in employment. Essentially, these were the same requirements embodied 
in the ASIA of 1990, but the 1996 legislation formalized the process and provided 
more guidance on what an employment history check entailed. Since the 
background check, known as an access investigation, was relatively easy to pass, 
less than 3% of the total number of employees working at US airports had to 
undergo the fingerprint-based check. 

The Airport Security Improvement Act of 2000 (ASIA 2000) finally mandated 
screener training standards. These required at least 40 hours of classroom instruc- 
tion and 40 hours of on-the-job training for screening personnel. ASIA 2000 also 
introduced computer-based training? for threat image projection technology to 
security screener testing procedures. These were better simulations of how a 
weapon or an explosive might look to a security screener viewing an X-ray 
monitor. 

Before 9/11, FAA policy allowed passengers to carry knives that were shorter 
than 4 inches onboard, which means that poor screening was not necessarily a 
factor in the 9/11 attacks. The screening system and related policies were largely 
inadequate. In a GAO report published 9 days after 9/11, the GAO found that 





4A CT scan uses a combination of X-rays and computer technology to produce cross-sectional 
images commonly referred to as “slices.” 

*Training or instruction using a computer program to provide instruction and feedback in place of a 
live instructor. 
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screeners were still missing 20% of prohibited items. Screeners missed even more 
items when GAO inspectors used more realistic tactics and test weapons than the 
FAA used in its inspections. As we reported in June 2000, tests of screeners 
revealed significant weaknesses as measured in their ability to detect threat 
objects located on passengers or contained in their carry-on luggage. In 1987, 
screeners missed 20% of the potentially dangerous objects used by FAA in its 
tests. At that time, FAA characterized this level of performance as unsatisfactory. 
More recent results have shown that as testing gets more realistic—that is, as tests 
more closely approximate how a terrorist might attempt to penetrate a check- 
point—screeners’ performance declines significantly. A principal cause of screen- 
ers’ performance problems is the rapid turnover among screeners. Turnover 
exceeded over 100% a year at most large airports, leaving few skilled and experi- 
enced screeners, primarily because of the low wages, limited benefits, and repeti- 
tive, monotonous nature of their work. Additionally, too little attention has been 
given to factors such as the sufficiency of the training given to screeners. FAA’s 
efforts to address these problems have been slow (GAO, 2001, p. 2). 

Despite 14 years and three major legislative actions (ASIA of 1990, Aviation 
Security and Antiterrorism Act of 1996, and Airport Security Improvement Act of 
2000), the performance of screeners was no better than 1987 levels. The GAO report 
went on to note that part of the problem rested with the FAA and its inability to 
promulgate regulations to certify screening companies, noting that it had been 
2% years since the FAA had originally planned to implement certification standards. 

The ATSA 2001 transferred screening to the TSA and added checked-baggage 
screening to the process. Unfortunately, in 2015, the TSA was slammed in an 
Inspector’s General report for failing nearly 97% of screening tests conducted by Red 
Team IG inspectors, so there still seems to be room for improvement in the system. 


SCREENING UNDER THE TSA 


The takeover of screening by the US federal government from the airlines has not 
been without problems and challenges. In addition to passenger and baggage 
screening, ATSA 2001 also set deadlines for the TSA to complete key benchmarks, 
including: 


1. The complete takeover of the screening by November 19, 2002. This included 
more than 400 commercial service airports. 

2. Establishing the basic screener training minimums at 40 hours of classroom 
instruction and 60 hours of on-the-job training. 

3. Annual proficiency reviews and testing of screeners, including remedial 
training of any screener who fails a security test. 

4. The screening of all checked bags using EDS technology by December 31, 
2002. 
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The TSA met its first goal for taking over passenger and carry-on baggage 
screening when it hired more than 55,000 new federal employees within a year 
and met the November deadline. Meeting the checked-baggage screening deadline 
was hindered in 2002 because only two types of EDS machines were certified by 
the FAA for use in airports and the manufacturers of EDS equipment could not 
produce the hundreds of needed units within the time constraints. Airports were 
considered in compliance with the deadline by using a combination of positive 
passenger/baggage matching, inspections by K-9 explosive detection bomb dogs, 
and ETD technology. In his book Permanent Emergency, former TSA administra- 
tor Kip Hawley noted that the TSA met the 100% checked-baggage screening 
deadline. However, the deadline was essentially met because the policy of 
positive passenger/baggage matching was accepted as checked-baggage screening; 
the actual physical inspection or X-ray of checked baggage at all US commercial 
service airports would not be complete for several more years (Hawley and 
Means, 2012, p. 55). 

Although the TSA met the first deadline, the hiring of so many workers 
quickly created an imbalance across the nation; some airports had too many 
screeners, and others had too few (GAO, 2004a). Since 2004, the TSA has 
proffered several staffing models in an attempt to fix workforce imbalances. 

Today, in an attempt to compensate for screener shortages, the TSA established 
a mobile National Screening Force consisting of 700+ screeners who can be reas- 
signed to understaffed airports. Although staffing and training issues are important 
and contribute to the ability of the screener to detect prohibited items, the most 
important issue in screening is the ability of the screener or the technology to detect 
weapons and explosives. There is little public information on this issue, as the fed- 
eral government has classified the performance of both its screening workforce and 
its detection equipment. However, some documents were made public that indicate 
that the ability to detect weapons and explosives has been less than satisfactory. In 
2003, Department of Homeland Security inspectors were able to sneak weapons 
past screeners at 15 airports. In screener performance tests conducted by the GAO 
and revealed publicly in 2004, the agency determined that TSA screeners and 
private screeners tested about the same and that there was no significant difference 
in the success of detecting prohibited items between the groups (GAO, 2004b). The 
less than desirable detection rates pushed the TSA to continue the testing and 
deployment of other systems, such as portal-trace detectors and body imaging 
devices, particularly after two Chechen female suicide bombers snuck bombs past 
the same type of metal detectors in the Russian Federation that were in use in the 
United States at the time. 

Another challenge affecting effective and efficient airport security is the retention 
of government security screeners. The overall lack of promotional opportunities and 
career advancement for screeners has resulted in an attrition rate unacceptable to the 
TSA. In response to these concerns, TSA administrator Kip Hawley announced in 
December 2005 that he was changing the job title of screeners to transportation 
security officers (TSOs) in an effort to expand the identity and job duties of screening 
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personnel (Hawley, 2005). Hawley also stated he would take steps to provide TSOs a 
career path into the Federal Air Marshal Program, the TSO Expert Program, and the 
Behavior Detection Officer (BDO) Program. 

In 2016, TSA Administrator Peter Neffenger affirmed the agency’s commitment 
to improving training for TSO personnel and switched training models. Now, TSOs 
are trained on the grounds of the Federal Law Enforcement Training Center® in 
Glynco, GA (Van Cleave, 2016). Even this option is not without challenges, as a 
joint Airports Council International (ACI) and American Association of Airport 
Executives (AAAE) report called for TSOs to continue to be trained locally during 
the summer travel months, typically the busiest time for the airport and airline 
industry (AAAE, 2016). 


STERILE AREA 


Once an individual and their belongings have undergone the screening process it 
is important to ensure that they nor their belongings mix with individuals who 
have not been screened. This is done through the establishment of a sterile area. 
The TSA offers the following descriptions of the sterile area. A Sterile Area is a 
portion of an airport, specified in the airport security program (ASP) that provides 
passengers access to boarding aircraft and to which access generally is controlled 
by TSA, or by an aircraft operator under 49 CFR 1544 or a foreign air carrier 
under 49 CFR 1546, through the screening of persons and property. The primary 
objective of a sterile area is to provide a passenger holding and containment area, 
preventing persons in it from gaining access to weapons or contraband after 
having passed through the security screening checkpoint (SSCP) and prior to 
boarding an aircraft (TSA, 2006b, p. 65). 

Sterile areas are those areas within the terminal where passengers wait after 
screening (Fig. 6.1). From a regulatory perspective, access to these areas is the 
responsibility of the aircraft operator and the airport operator. However, from a 
practical stance, the TSA, through the performance of the screening function, 
“controls” much of the access to the sterile area at airports in the United States. 
Unauthorized personnel must be prevented from entering the sterile area without 
undergoing screening. 

For aviation personnel entering a sterile area through a Part 1542.207—regulated 
airport access-controlled door, their credentialing check is considered the required 
screening. This concept often creates confusion to neophyte security practitioners, 
particularly when there is a common belief that all personnel must undergo the 
screening process before entering a sterile area. Personnel entering the sterile area 
by way of an SSCP and not a Part 1542.207—regulated access-controlled door must 
undergo passenger and carry-on baggage screening. The issue of requiring all 
aviation personnel with SIDA badges to undergo the passenger screening process 





Although TSOs are trained at FLETC, they are not trained as federal law enforcement agents. 
They are provided 2 weeks of training in TSO job duties. 
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FIGURE 6.1 


Depiction of a sterile area (TSA Security Design Guidance). 


continues to be debated in the United States. Some US airports have adopted the 
practice, establishing screening checkpoints at airfield access gates and other loca- 
tions, but private contractors working for the airport conduct the actual employee 
screening, not the TSA. An employee’s job responsibilities also determine whether 
he or she can access the sterile area through an airport access-controlled door or 
through the screening checkpoint. An employee possessing an authorized access/ID 
badge may, depending on job title and access authority, access the sterile area 
through an airport door, as long as he or she does not board an aircraft and fly out. 
Almost without exception, any aviation employee who boards an aircraft must be 
screened at the SSCP, even if the individual has approved access. Among the 
limited exceptions are flight crew personnel at their home airport who are on duty 
and will be serving in a flight crew capacity once they board the aircraft. 

Entry into sterile areas is through SSCPs, of which there are three types: the 
sterile concourse station, the holding area station, and the boarding gate station. 
Sterile concourse stations are placed at points between public-use terminal areas 
and sterile areas within the airport. This configuration is the most desirable as it 
provides the highest level of passenger security at the best cost and is in use at 
most every US airport. 

The benefits to security offered by the sterile concourse station include the 
consolidation of screening staff, closed-circuit television (CCTV) monitoring, and 
law enforcement coverage. One checkpoint can often serve numerous airlines. 
However, because a sterile concourse station acts as the last point of control 
before passengers enter multiple concourse areas, when a checkpoint is breached, 
unless personnel respond rapidly to the breach, an entire concourse or airport may 
have to be shut down, evacuated, and searched, and the passengers rescreened. 
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FIGURE 6.2 
A boarding area station design (TSA Security Design Guidance). 





In holding area stations, passengers are screened and then moved to secure 
rooms or areas with boundaries while they await transport to aircraft. Screening 
breaches of holding area stations do not affect the airport as much as other 
SSCPs, as only the holding area must be shut down subsequent to the discovery 
of a breach. 

The boarding gate station is a design typically in use at small commercial 
service airports that do not have sterile areas (Fig. 6.2). In these cases, the board- 
ing gate station serves as the screening checkpoint and boundary between the 
public area and the airfield security areas (ie, secured areas). 

Some airports use a combination of the design elements for sterile concourse, 
holding area, and boarding gate stations. Denver International Airport (Figs. 6.3 
and 6.4) uses the sterile concourse station for its SSCP between the terminal and 
the bridge to Concourse A, and the holding area station concept within the main 
terminal at its north and south screening checkpoints, before passengers access 
the underground train to the concourses. 

The queue area is where passengers wait and line up for the screening process 
at the SSCP. After 9/11, the space needed for passenger queuing and the 
additional space needed for more screening equipment and personnel significantly 
increased the overall space required. Significant terminal redesigns were done in 
a short period to accommodate the new, larger checkpoint demands. 

The space allotted to passenger queuing is based on the airport’s peak-hour 
enplanements (based on the highest amount of passengers measured on the busiest 
days of the year, averaged over the four busiest months of the year). The TSA 
has updated the specific design specifications and resources, such as passenger 
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FIGURE 6.3 





Denver International Airport's north screening checkpoint, August 2001. 





FIGURE 6.4 





Denver International Airport's north screening checkpoint, post-9/11. 
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throughput, personnel, or space requirements (TSA, 2006b). The TSA provides 
this data to airport planners and engineers for design and building purposes. 
The TSA does admit that the average throughput for rough computational 
estimates is 175—250 passengers per hour per screening lane, but the agency cau- 
tions that this estimate can vary considerably at higher levels of security or with 
the development of new technologies at an SSCP. These numbers will also 
continue to change with the implementation of precheck and other risk-based 
screening (RBS) procedures and the integration of advanced imaging technology 
(AIT) machines. 

During the initial days of the TSA, a Disney engineer helped to design the 
queuing system with ropes or bands attached to poles to form passenger movement 
lanes. The cutbacks or zigzag method increase passenger throughput and reduce 
waiting times and maximize space within the terminal. 


STERILE AREA BREACHES 


The sterile area represents a high threat level to the airport operator, as it enables 
direct access to aircraft and the airfield. Unauthorized individuals in a sterile area 
(ie, those who have not undergone the proper screening) must be identified imme- 
diately, sequestered, and questioned by law enforcement personnel as to their 
intentions and whereabouts in the sterile area. A breach of a sterile area often 
causes an entire concourse, or sometimes an entire airport, to shut down all flight 
operations until the affected areas can be evacuated and searched for prohibited 
items. This represents a loss of millions to the airlines and disrupts the entire 
national airspace system. Ensuring that unauthorized individuals do not access the 
sterile area is a priority for the TSA, the airport operator, and the aircraft 
operators. 

Protecting sterile areas from unauthorized personnel and items involves 
more than just screening all personnel and their belongings. There are busi- 
nesses and aviation employees who require access to prohibited items in the 
sterile area to do their jobs. For example, airline and airport maintenance 
personnel often carry a variety of tools that are normally prohibited at a screen- 
ing checkpoint. Catering, vendor, and restaurant personnel have access to knives 
and box cutters within their shops in the sterile area—again, items that are 
prohibited through a screening checkpoint. The airport operator must maintain a 
strict inventory of which businesses have prohibited items and in what quantity. 
Business operators must train employees on the proper use and security of these 
items. Airline and airport personnel authorized to carry prohibited items in 
sterile areas must be trained in the proper security of such items, and the airport 
operator must maintain a database that includes the names and job titles of these 
individuals. 

In the 2000s, the TSA mandated the physical inspection of catered goods by the 
airlines and the physical inspection of goods delivered to the sterile area by ven- 
dors. Prior to 9/11, many airports engaged in a process known as reverse screening, 
in which small, air-carrier aircraft would arrive from an airport where screening of 
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aircraft, passengers, and baggage was not conducted. The aircraft parked in a desig- 
nated area, and passengers and their carry-on bags were then screened upon entry 
into the Sterile Area, often at the concourse. Many airports stopped this practice 
after 9/11, but some airports have recently reconsidered this approach, as the TSA 
has cut screening services from many small airports (AAAE, 2016). 


SCREENING CHECKPOINT OPERATIONS AND DESIGN 


The SSCP is a dynamic and busy environment and one of the most important 
components of the aviation security system. Many SSCP-related factors, such as 
staffing and the layout or number of checkpoints, affect security and ultimately 
reduce or increase risk in the airport security system. In the early 2010s, the 
implementation of AIT machines into the SSCP created additional complications 
for airport managers who had to find room to accommodate the larger machines. 
Additionally, flooring had to be strengthened and the AIT machines have higher 
power requirements than metal detectors. 

Inadequately designed checkpoints can result in more passengers waiting in 
public areas, which can be potential targets for terrorists. Inadequately designed 
checkpoints can also reduce the performance of screeners who may perceive the 
need to work faster to reduce the wait for passengers. Longer passenger lines 
often result in low levels of customer service and can cause passengers to miss 
their flights. Inadequate staffing of a checkpoint can reduce the effectiveness of 
detecting prohibited items. Poorly designed or managed checkpoints can result in 
more breaches of screening if passengers become disoriented in the SSCP area. 

In recent years, the TSA has deployed K-9 teams using specially trained dogs to 
detect explosive vapors. Previously, all TSA deployed dogs were trained to conduct 
detection on stationary areas or items, such as an unattended bag. K-9 deployments 
have not appreciably slowed the checkpoint lines down, but occasionally the TSA 
decides to focus more energy on detecting items and will forcibly slow the lines 
down as a result (McCartney, 2016). These slowdowns have the unfortunate 
outcome of making the screening checkpoint a more attractive terrorist target, so 
often, the deployment of K-9 teams is an attempt to screen passengers for 
explosives, while looking for suspicious persons who may also be carrying 
explosives or weapons, with the intent of attacking the checkpoint. 


DESIGN 
According to the TSA (2006b, pp. 91—92), SSCPs should: 


1. prevent persons with prohibited items from boarding a commercial aircraft; 

2. prevent exit lane breaches; 

3. secure exit lanes for arriving passengers during both operational and 
nonoperational hours of the SSCP; 
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4. accommodate persons with disabilities requiring wheelchair accessibility or 
allowances for other assistive devices; 
5. provide for minimal interruption or delay to the flow of passengers and 
others being screened; 
6. provide effective and secure handling of tenant goods that cross from the 
nonsterile area to the sterile area (ie, vendor deliveries); 
7. allow adequate equipment maintenance and interference spacing requirements; 
8. provide for operational flexibility in response to changes in passenger loads, 
equipment, operational processes, and security levels; 
9. be flexible enough to accommodate new technology and processes; 
10. be an efficient and effective use of terminal space; 
11. provide acceptable and comfortable environmental factors, such as air 
temperature, humidity, air quality, lighting, and noise; 
12. be of safe and ergonomic design; 
13. ensure adequate power, data, and CCTV equipment requirements. 


According to ICAO, detailed planning and consideration of security, human 
factors, and operational requirements can help optimize the passenger screening 
process. The size of screening checkpoints is somewhat based on how many ticket 
counters are available to process passengers. The International Air Transport 
Association Airport Development Reference Manual set recommended parameters 
for certain passenger processing functions: (1) slightly over 2 minutes for ticketing/ 
check-in, (2) 15 seconds per passenger for passport control, and (3) 12 seconds per 
passenger for security screening. These times do not take into account the 
queuing time before each process. With advanced security X-ray machines and AIT 
(body imagers) the average screening processing time is closer to |—2 minutes per 
passenger, after waiting in the line. 

The number of ticket counters is one method used to help measure passenger 
throughput, however, the expanded use of airline common-use equipment has 
accelerated check-in times. With more self-service kiosks in the terminal and as 
passengers use the Internet and smartphones to check in for flights, bypassing the 
ticket counters altogether, benchmarks such as peak hourly enplaning passenger 
and annual passenger enplanements must also be used to determine how many 
screening checkpoints are needed for a particular airport. 

The “goal” time for an individual to wait in the screening queue is 10 minutes. 
This objective was started after a comment made by former Secretary of 
Transportation Norman Mineta in response to a media question (Hawley and 
Means, 2012, p. 43). Former TSA administrator Kip Hawley and TSA personnel 
were using 10 minutes as the basis for checkpoint design; however, once the 
media and Congress grabbed onto the sound bite, the goal for processing of 
an individual through a screening checkpoint became 10 minutes and that is the 
current expectation of passengers and airlines. 

Checkpoints should have explosive and weapons detecting technologies that do 
not pose a threat to passengers or screening personnel, minimize the footprint and 
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construction costs, maintain revenue-generating areas within the terminal wherever 
possible, increase throughput rates, and preserve passenger privacy. Also, an SSCP 
should be designed to use automation whenever possible, as humans generally 
make poor system monitors. 

The general advice is that airports should limit the number of screening check- 
points to as few as possible, while retaining acceptable passenger throughput levels 
(as established from the normal level of passenger enplanements at each airport). 
However, with the suicide bombing in the terminal area in Moscow’s Domodedovo 
Airport in 2010, and the multiple suicide bombers in the public areas of the 
Brussels airport in 2016, the “rule” to minimize screening checkpoints (done mostly 
to reduce the chances of a breach) should be weighed against current threats. To 
mitigate the death and destruction caused by suicide bombers in public areas, 
security design principles promote spreading out screening areas, having multiple 
points of entry throughout the building, so that lines are overall, shorter. 

SSCPs should be designed to accommodate airport concessionaires and mainte- 
nance and operation personnel who move equipment and supplies through the 
SSCP. SSCPs must also allow the passage of emergency services personnel, their 
vehicles, and equipment (eg, electronic paramedic carts and mobile explosives 
detection equipment) and provide discrete areas where undercover air marshals, 
federal agents, law enforcement personnel flying armed, and armed pilots can be 
processed without being in plain view by the traveling public. Concessionaires 
represent a particular challenge to airport security, as deliveries occur throughout 
the day and delivery personnel change frequently. It is best if delivery personnel 
can use nonpublic-area loading docks to deliver their products. Concessionaire 
employees working at the airport who have access/ID badges can then transport the 
items to their stores and in or out of the sterile area (TSA, 2006b). 

SSCP areas should, when possible, be located away from public view and 
prevent the unauthorized passage of articles from the nonsterile area to the sterile 
area. Walls or partitions should be placed to minimize surveillance by criminals. 
Such sheltering also helps X-ray operators maintain focus. When it is not possible 
to shield the SSCP areas from public view, the airport security coordinator (ASC) 
can deploy law enforcement and security patrols to watch for individuals 
who might be conducting covert surveillance or to thwart an attack on a crowd of 
passengers in a screening area. 

SSCP design considerations must also include the space available for expanding 
to accommodate larger passenger loads and new equipment. In 2004, portal-trace 
detectors were added as additional equipment at US SSCPs. While these were 
experimental at first, and later removed from the SSCPs, they were soon replaced 
with AIT machines, which took up even more space. 

Another important component of SSCP design is CCTV coverage. Video 
cameras can provide surveillance for law enforcement in the deterrence of theft 
at SSCPs. CCTVs can be very valuable in the event of a screening breach. 
CCTVs should be positioned to capture the images of the faces of passengers. 
CCTVs can also be used to help monitor closed and unstaffed SSCPs 
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(TSA, 2006b). They should be of high digital quality as lesser quality imagery 
is not often useful in determining the unique characteristics of individuals pass- 
ing through SSCPs. 

Other design considerations include secondary screening areas, walls and 
partitions to keep passengers separated from other passengers and their baggage 
during screening, and a holding area for passengers waiting for secondary 
screening. Break rooms, locker areas, and administrative areas are also needed for 
security screening personnel. 

The use of extended tables leading up to X-ray machines helps facilitate and 
expedite passenger and baggage screening. Chairs and tables located at the exit of 
a screening area help maintain passenger flow without interfering with screening 
by giving passengers room to put their shoes back on, put laptops back into carry- 
on bags, and so forth. At Vancouver International Airport in Canada, screening 
checkpoints are equipped with circular countertops located near the exit areas of 
SSCPs. This provides passengers with a location to retrieve and reorganize their 
belongings and gives screeners a convenient location to conduct secondary 
screenings (Price, 2004). A simple rule of checkpoint design to improve passenger 
flow is to put in more divestiture and recomposure tables. 


OPERATIONS 


Entry lane protection 

The TSA, airport tenants, law enforcement, and local building inspectors and fire 
inspectors should be consulted as part of the SSCP design and follow the stan- 
dards in the TSA’s Checkpoint Design Guide Standards, published in 2006 (TSA, 
2006a) and revised in 2009. The TSA’s publication, Recommended Security 
Guidelines for Airport Planning, Design, and Construction (TSA, 2006b), also 
contains detailed information on SSCP, as well as TSA Security Checkpoint 
Layout Design (2006c), both produced by ACI. The following elements are 
characteristic of an SSCP: 


1. Prescreening preparation instruction zone, located in front of the SSCP and 
usually includes signage, instructional videos, “ambassador” staff, and 
sometimes posters discussing prohibited items, the effects of screening 
technology on film, private screening options, TSA warning signs, and 
airline carry-on and pet restrictions. Some SSCPs feature pictures and 
diagrams to help passengers with the process. 

2. The queuing space, which includes queuing stanchions to define the lines, 
the travel document check stations, and tables and bins for passengers to 
begin the divesture process, removing metallic items and wallets, cell 
phones, and other devices that may trigger the screening devices. 

3. WTMD (the TSA has upgraded all earlier WTMDs to an “enhanced” status) 
or other weapon or explosive detecting technology. 
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10. 


11. 


12. 


13. 


14. 


The nonmetallic barrier is used to prevent individuals bypassing the WTMD 
and to stabilize the WTMD units themselves. As stand-alone units the 
WTMDs are rather unstable. 


. The nonmetallic American’s with Disabilities Act gate is used to 


accommodate passengers with wheelchairs or otherwise disabled and not 
able to use the WTMD. The use of nonmetallic materials prevents disruption 
of the performance of the metal detecting devices. 


. Carry-on baggage X-ray machine, which is a single-angle X-ray device for 


screening passengers’ carry-on baggage. In some cases, EDS machines may 
be implemented in the screening checkpoint. 


. Divest and composure tables are used for passengers to retrieve their 


belongings and to improve the throughput rate. 


. Adjacent walls and barriers separate sterile from nonsterile areas and are at 


least 8 ft high. If the walls are adjacent to the exit lane, they should be 
transparent, allowing security personnel to view the exit lanes. 


. Passenger containment and inspection, which is the holding station 


(sometimes combined with a wanding station) that is used to hold passengers 
waiting to undergo secondary screening. This station must be positioned 
such that affected passengers can be diverted without obstructing the flow of 
passengers not requiring secondary screening. Additionally, this area should 
include a secure door to prevent passengers from walking away without the 
knowledge or consent of the screener. 

Wanding stations are not enclosed areas, but rather specified points near the 
SSCP where hand-wands or pat-downs are used to perform additional screening. 
Explosive detection machines for use in secondary screening. ETD machines 
provide considerably more imagery and interpretation than conventional 
X-ray machines. They are used to protect the safety of the screener and to 
minimize the intrusion on a passenger’s privacy. 

Egress seating areas are where passengers can put their shoes and coats back 
on and get their personal belongings back in order. 

The law enforcement officer (LEO) station is where LEOs may be 
positioned to enable them to view the entire screening operation, providing 
as unobstructed view as possible. 

Private screening areas should provide enough space (and privacy) to 
accommodate one passenger, two TSOs, a chair, and a search table. If space 
is available, this location should ideally accommodate passengers with 
disabilities, passengers under escort (eg, a prisoner who requires an LEO to 
stand by), or who have interpreters. 


The prescreening preparation and instruction area is the primary area where 


airport personnel often serve as instructional guides, helping to inform passengers 
of standard security requirements, such as reminding them to remove their laptops 
and not to attempt to take prohibited items through the checkpoint. Videos may 
also be shown in these areas to provide the same types of instructions. 
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The changes in checkpoint access policies and new checkpoint designs caused 
airports to lose a lot of real estate than pre-9/11 operations and screening checkpoint 
footprints—real estate that was either previously used for the movement of passen- 
gers or for concessions. Either way, airport operators saw their amount of 
rentable space decrease significantly, severely impacting revenue collection streams, 
but some companies and airports have found innovative methods to reclaim some of 
that lost revenue. One of the first initiatives was to sell advertising space at the 
bottom of the bag bins, sharing revenue with the airport. SecurityPoint Media, one of 
the pioneering companies in this field, soon took the concept one step further by 
creating a checkpoint area that utilized wall space for more advertising, and by also 
creating a checkpoint design that was more customer friendly—something TSA 
attempted to do, but without much success. 

Queuing spaces are where passengers await their turn for screening. Queue 
lines are designed to increase the speed at which passengers move through the 
lines. Security agents also conduct document checks in queuing spaces. Passenger 
document checks are performed to ensure that each individual has a boarding 
pass and government-issued photo identification. At many foreign airports, the 
document check is also used to conduct security questioning. 

After 9/11, access to sterile areas was primarily restricted to those with boarding 
passes. The majority of people passing through a screening checkpoint are airline 
passengers. However, other personnel who have business within sterile areas but are 
not boarding an aircraft may need access. For example, there may be individuals 
visiting airport personnel for business meetings or training. Others may be accompa- 
nying passengers who require assistance in getting to their gate. The airport and the 
TSA work together on procedures to allow these individuals sterile area access. 
Access is usually granted along with a visitor’s pass (also referred to as a concourse 
pass or pier pass). 

Other personnel requiring access through checkpoints include members of law 
enforcement. LEOs traveling armed on aircraft require special handling through a 
checkpoint, particularly if operating undercover. LEOs who are conducting inves- 
tigations not related to aviation crimes but operating undercover or are not 
uniformed and not flying out on an aircraft also require special handling through 
a screening checkpoint. Emergency response personnel such as paramedics, emer- 
gency medical technicians, firefighters, and airport operations personnel require 
expedited access through the checkpoints. 

In 2006, a computer student at Indiana University constructed a web site that 
printed fake boarding passes. These passes supposedly would allow the user to 
bypass airport security checkpoints. The student claimed that the web site was not 
intended to be used for criminal or terrorist purposes but to show “security theater,” 
the student’s term for showing that security is deeply flawed (Silverstein, 2006). 
This attempt to show a gap in the aviation security system is typical of assumptions 
made by those who do not understand the layered security system. 

Although security gaps exist and there will always be room for improvement 
in security measures, aviation security practitioners should not jump to the latest 
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perceived security advantage without first carefully considering if there is an 
actual security risk. Security practitioners must make decisions on what actions to 
take and what monies to spend as part of an overall risk assessment, rather than 
immediately addressing what may only be a problem of perception. Although a 
fake boarding pass could get an individual through a sterile area checkpoint (as 
could a fake driver’s license), the passenger still requires a real boarding pass to 
get on the aircraft, and the individual still must undergo screening, thus reducing 
the likelihood that he or she could conceal a prohibited item within the sterile 
area. The document check serves as an additional layer of the security system—it 
is not the last point of failure, nor is it designed to catch common criminals—it is 
designed to catch terrorists and make it more difficult for an air terrorist to com- 
promise the system. 

After passing the document check, passengers select their screening lane and 
begin divestiture. This often includes removing laptops from their cases and 
removing shoes, belts, and outerwear. The TSA also requires that any liquids be 
presented in a one-quart transparent bag, separate from other baggage. Divestiture 
procedures change as security levels increase and decrease. These changes should 
be incorporated into the prescreening preparation and instruction zone briefing. 
The TSA implemented a “diamond” line system for a period of time in the hopes 
of speeding up the screening process, but the results of this remain a subject of 
debate. Based on the system used by ski areas to denote beginner, intermediate, 
and expert skier, the same concept was attempted by the TSA—a green circle 
indicated an infrequent traveler, a blue square indicated a somewhat more 
frequent traveler, while a black diamond indicated the line was for frequent flyers 
who completely understand the screening system and are good at getting through 
it. While some declared it a success, passengers tended to drift to the shortest 
line, ignoring the system altogether, and the system relied largely on individuals 
having some knowledge of the icons used at ski areas. 

Following the queue line, passengers must submit their carry-on bags for 
screening and personally pass through the WTMD. After 9/11, all WTMDs were 
enhanced for better metal detection. WITMDs should be located next to the 
explosive detection equipment or X-ray machine. Nonmetallic gates should be 
next to the WTMD to allow wheelchair access. 

A holding station to detain passengers requiring secondary screening should 
be located immediately beyond the WTMD. Shortly after 9/11, there were 
several incidents at US airports where individuals had been asked to wait until a 
screener could conduct a secondary screening. For a variety of reasons, the 
individuals did not wait and proceeded to the sterile area, creating a screening 
breach. Soon thereafter, airports incorporated holding stations into their SSCPs 
(Fig. 6.5) to prevent individuals waiting for secondary screening from going 
into the sterile area. 

The wanding station is the location used for secondary screening. If a passenger 
sets off the WTMD alarm, a security screener must pass a metal detecting hand- 
wand over the individual’s body. The screener may also conduct a pat-down search 
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FIGURE 6.5 


Close-up view of an SSCP. 





and may ask the passenger to step into a private area to remove clothing if war- 
ranted. These searches are conducted under supervision by screeners of the same 
sex as the passenger. 

ETD equipment may also be located at the SSCP. The ETD machine is used 
when the X-ray operator notes a suspicious item within a bag. In these cases, 
another screener will investigate the contents using the ETD machine. The ETD 
equipment is often used as part of this secondary screening along with a physical 
search of the suspect bag. 

Other elements of SSCPs include portal-trace detectors, an LEO section where 
police are stationed to watch over the screening, a supervisor administrative 
workstation, private search areas, CCTV coverage, data port connections, and exit 
travel lanes. The TSA’s Recommended Security Guidelines for Airport Planning, 
Design, and Construction show variants of multiple SSCP lane design. 


Exit lane protection 
Passengers and others use exit lanes within sterile areas to move back to the 
public areas. Exit lane protection is an important consideration in the design of 
SSCPs. Specific concerns related to exit lanes include breach alarms, physical 
barriers, personnel coverage, CCTV coverage, and the implementation of 
response corridors (long hallways that provide a time and distance barrier to 
breach attempts). 

A breach occurs when an individual enters a sterile area without being 
successfully screened. The most common form of security breach is when an exit 
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lane is compromised. Typically, exit lanes are protected by security personnel 
who physically monitor the exits. When individuals attempt to enter the sterile 
area through the exit lane, security personnel redirect them to the screening entry 
lanes. If a person refuses and continues to enter the sterile area, security notifies 
additional resources to respond while attempting to keep a visual on the offender. 
If two security guards are protecting the exit lane, one can pursue the offender 
while the other remains in position to prevent additional unauthorized access. 
If the security guard loses sight of the offender, then the entire concourse or 
airport (depending on the configuration of the facility) may have to close until the 
person can be located and the entire sterile area is resterilized. Many security 
breaches occur when individuals exit the sterile area, realize they forgot some- 
thing, or believe they are in the wrong area, so they turn around and reenter the 
sterile area through the exit lane. While these are seemingly innocent actions, it is 
still considered a security breach and must be handled as such. 

Some airports have incorporated revolving doors or turnstiles capable of 
blocking entry from public areas while permitting egress for those departing 
sterile areas. Such designs must also allow sufficient space for the passage of the 
person with baggage and accommodate the disabled (TSA, 2006b). 

Many pre-9/11 airport designs located the exit lanes next to the SSCPs. Where 
possible, the TSA (2006b) recommends locating exit lanes away from SSCPs to 
physically separate those entering sterile areas from those exiting. If exit lanes are 
located next to entry lanes, a see-through barrier between the SSCP and the exit 
gates, such as a substantial plastic or laminated glass wall, should be installed. 
This allows law enforcement and other security personnel at the SSCP to observe 
exit lanes and immediately respond to a breach attempt. 

Some new exit lane designs have incorporated a long response corridor to 
enhance detection of anyone attempting to breach the exit lane. Located just 
beyond the SSCP, a response corridor can give security time to catch and detain 
individuals who have not been screened. 

Additional measures, such as the use of CCTV equipment and alarms, should 
be taken at both the exit and entry lanes to prevent breaches. CCTV equipment 
can be used to record the breach attempt, making it easier to identify and locate 
offenders. CCTV combined with motion sensor and alarm technology can be 
installed to monitor exit lanes. 

Alarm systems that can be activated by security personnel are another important 
tool to prevent breaches. If a breach occurs, the screener can activate an audible 
alarm (ie, panic button) that alerts all personnel at the SSCP including LEOs. The 
alarm should be tied into the airport’s access control alarm monitoring system, thus 
immediately notifying the security operations center, which can take additional 
actions to prevent unauthorized access. While many airports have a gate or door 
that can be lowered to close off the exit lane when not in use, a few airports have 
installed such gates or doors that, upon activation by a security person, will drop 
into place rapidly—fast enough that an individual attempting to breach the system 
could be stopped by the gate device. 
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Until December 2005, the TSA was responsible for protecting exit lanes, but 
that responsibility is presently a topic for industry debate. In 2006, the TSA 
issued a policy that attempted to transfer exit lane staffing to the airport operator 
when the SSCP closes, or if the SSCP and exit lanes are visually separated. The 
airport industry has not universally agreed with this policy and the issue remains 
in debate. 


SCREENING: TERMINAL OPERATIONS AND PROFILING 


In addition to the passenger and carry-on baggage screening at the SSCP, other 
screening methods are used before entering SSCPs and during screening. Document 
verification and passenger profiling are two such additional layers of security. Both 
require special training before security agents can be effective and efficient at 
either. Like all other security measures, neither documentation nor passenger 
profiling is 100% effective in preventing threats to security. Nevertheless, each is a 
critical component of the layered aviation security system. 


TRAVEL DOCUMENT VERIFICATION 


Document verification is an important component of screening to ensure the 
ticketed passenger is the same passenger who boards the aircraft. At some foreign 
airports, the document check is conducted at the ticket counter, at the beginning 
of the screening queue line, again at the WITMD, and once more before boarding. 
In the United States, the documents are checked at the ticket counter and at the 
beginning of the screening queue. At some US airports, depending on the existing 
threat level, other document checks occur at the WTMD and occasionally at the 
boarding gate. 

It is important to have individuals properly trained in the verification of autho- 
rized identification but the TSA is also implementing the Credential Authentication 
Technology/Boarding Pass Scanning System (CAT/BPSS), also known as the travel 
document scanner. The CAT/BPSS will scan a passenger’s boarding pass and photo 
ID and automatically verity the name provided on both documents, then match and 
authenticate the boarding pass. The technology also identifies altered or fraudulent 
photo IDs by analyzing and comparing security features in the IDs. 

Special-category passengers must also be accounted for at screening check- 
points. Passengers with diplomatic privileges and their protective personnel, 
LEOs, deportees, and prisoners and their law enforcement escorts must also be 
processed at the screening checkpoints. Diplomats with protected document 
holders and their armed law enforcement escorts are considerations for the 
screening operator. The proper handling of such individuals and their armed 
escorts must be precoordinated through the US Department of State before travel. 
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Diplomatic pouches” are exempt from screening provided the proper procedures 
as set forth from the US Department of State are followed (2004). 

Armed LEOs who must show identification to supervisory screening personnel 
must be able to do so out of sight of the public. It may also be advantageous to 
screen prisoners separately from the public screening areas for the protection of 
the public and the anonymity of the armed law enforcement escorts. 


PROFILING 


Martin Aggar is the commercial director of Group 4 Securicor UK Security. In an 
article in Aviation Security International, Aggar described passenger profiling as a 
rapid risk analysis based on suspicious signs in a passenger’s documentation, itiner- 
ary, appearance, or behavior (Aggar, 2005). Profiling has been successfully used to 
identify and deter terrorist attacks and to apprehend drug smugglers, money laun- 
derers, petty thieves, and illegal immigrants. The first objective in profiling is to 
determine the absence of the normal and the presence of the abnormal (through 
document inspections, behavior observations, etc.). Aggar stated, “It is a complete 
waste of time and money, and plays into the terrorists’ hands to subject all passengers 
to a detailed bag and body search when clearly, if they have not been duped, 
99.99 percent pose no threat to the flight” (Aggar, 2005, p. 21). 

Profiling is a sensitive topic, particularly in the United States, where the term 
is often interpreted to imply racial profiling. Racial profiling has been largely 
dismissed by security professionals throughout the world as being ineffective and 
a naive and insensitive approach to maintaining aviation security. In fact, racial 
profiling can increase risk when it causes security personnel to focus on only 
individuals of a certain race or religious background. 

Racial profiling would not have identified Timothy McVeigh or Terry Nichols, 
perpetrators of the 1995 vehicle bomb attack on the Oklahoma City Murrah 
Federal Building, or Richard Reid, the “shoe bomber” who attempted to blow up 
an American Airlines flight in 2001. Nor would it have identified John Walker 
Lindh, the “American Taliban.” Because of 9/11 and the rise of Islamic fundamen- 
talist terrorism, there is a tendency among some to believe that terrorists are only 
young Middle Eastern males. However, the face of terrorism changes over time, as 
Louise Richardson noted in her 2006 book, What Terrorists Want: “Today, the 
term ‘terrorist’ connotes the image of a radical Islamic fundamentalist from the 
Middle East. Thirty years ago, the term conjured up images of atheistic young 
European Communists” (Richardson, 2006, p. 10). 

There is a tendency to focus on a particular demographic, primarily when an 
individual of a specific demographic was responsible for a recent terrorist attack. 
This is not so much an issue of race as of nationality. Rafi Ron, former security 
director at Ben Gurion International Airport in Tel Aviv, Israel, in an interview 





7A diplomatic pouch (container of some sort, not necessarily an actual pouch) has diplomatic 
immunity from search or seizure. 
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for Aviation Security International in 2002, noted that most of the terrorists acting 
against the United States are from extreme Muslim groups. I know people can 
say there are always the likes of Timothy McVeigh so why pick on the Muslims. 
And I say, do not pick on the Muslims, but at the same time, do not ignore the 
fact that most of the terrorists right now are coming from extreme Muslim groups. 
Now, that does not mean that you should automatically make every Muslim a 
selectee in your security process, but, at the same time, do not ignore it. I was 
invited to testify before a House committee in Washington on profiling. I received 
tremendous support from the committee members. There were about 30 of them, 
and I think that about 28 were extremely supportive of the use of Behavior 
Pattern Recognition (BPR)? because it excluded the racial element. One of the 
committee members asked me specifically whether nationality should be an 
element in security profiling. And my answer was “if somebody’s home address 
is a cave in Afghanistan, it would be ridiculous to ignore it.” There is nothing 
unconstitutional to use nationality as part of your security profiling when it comes 
to protecting the United States against its enemies. The people who wrote the 
Constitution never intended to blur the view of the government in this country 
identifying who is their enemy and who is not. So, it may be politically correct to 
go and pick on a 72-year-old Norwegian, but it is not very practical. 

When it was determined that the Oklahoma City Murrah Federal Building was 
bombed by individuals who held extremist views and had connections to certain 
militia groups in the United States, security and law enforcement began to focus 
on others participating in such groups. 

Although the debate continues as to whether nationality should be used in 
profiling, the trend has been to keep profiling focused on document checks and 
the observation of behaviors—passive and active (through observation or the use 
of security questioning). Behavioral profiling is the process of understanding how 
an individual will behave when telling a lie or attempting to deceive or when 
acting in a manner consistent with preparing to commit a crime. Profiling, accord- 
ing to Dan Korem, author of The Art of Profiling, is the ability to assess a 
comprehensive amount of information about a person’s personality (Korem, 
1997). Profiling can help a security or LEO better predict criminal strategies and 
intent and obtain useful information during interviews (Korem, 1997). In the 
aviation security field, the definition of profiling extends to identifying enough 
information about an individual’s intent to determine if he or she is a threat to 
aviation security. This can be accomplished by noting behaviors, body language, 
conversation, and other factors. 

Humans have learned to profile as a survival mechanism, as noted by 
Malcolm Gladwell, author of Blink: The Power of Thinking Without Thinking. 
Gladwell remarked, “The only way that human beings could ever have survived 
as a species for as long as we have is that we’ve developed another kind of 





BPR is the study and process of observing an individual’s behavior and interpreting that behavior 
as an indication of potential risks or threats. 
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decision making that’s capable of making very quick judgments based on little 
information” (Gladwell, 2005, p. 11). Gladwell’s comment relates directly to 
profiling methodology, such as the ability to interpret body language. 

Body language experts Allan and Barbara Pease noted that “the ability to read a 
person’s attitudes and thoughts by their behavior was the original communication 
system used by humans before spoken language evolved” (Pease and Pease, 2004, 
p. 7). As an example, subsequent to the advent of broadcast media, today’s 
politicians understand that politics is about image and appearance and will often 
hire personal body language consultants to help get their message across (Pease and 
Pease, 2004). 

Profiling begins the moment an individual encounters another human or 
animal. Korem calls the first step in profiling a read and offers the following 
description of the read process. Reading people is a natural reaction that none of 
us can avoid. We all spend time reading and interpreting people’s actions, trying 
to predict how they will act in the future. Each time an observation of an 
individual’s behavior is made, it is called a read. When several reads are 
compiled together, we identify a profile which provides a more complete picture 
of a person (Korem, 1997, p. 3). 

When someone walks down a street late at night and spots a group of people 
approaching, profiling begins. In this case, profiling is initiated by asking various 
questions: Are they looking at me? How are they looking at me? Is it intently, the 
way a predator studies its prey, or casually, as if to wonder if I am a threat? Are 
they taking any actions that I need to be aware of? Are they attempting to conceal 
something? Do I know them? What is their reputation? How are they dressed? 
How many are there? What are they doing here? Our example profiler continues 
the internal questioning while observing the group’s behavior and making further 
evaluations. The individual then decides on a course of action based on these 
evaluations. 

Successful police officers and criminal investigators rely on intuition, often 
characterizing it as a funny feeling that something is just not right. Gladwell’ s 
(2005) research showed that intuition may be related to experience and training in 
what patterns and nonverbal clues are present when a crime is about to be, or has 
been, committed. Although some people are better at noticing nonverbal clues, 
the skill of profiling can be taught. 

The first step in profiling is to establish a baseline. This is how a person 
typically behaves under normal circumstances. Korem (1997) noted that people 
typically act in consistent, similar ways, called traits. When two or more traits are 
combined, we establish types. Combine two or more types, and you develop a 
profile (Korem, 1997). 

Establishing a baseline within an airport environment can be difficult as 
travelers often behave differently at an airport and when traveling by air than 
they do when going about day-to-day business and personal activities. Many 
people are anxious about flying and display signs of nervousness. Additionally, 
an airport is a busy and often overwhelming environment for many infrequent 
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fliers, which increases their stress levels, throwing off what would be their normal 
behavioral baseline. In fact, the stress felt by passengers and the manner in which 
they exhibit that stress is frequently argued as the primary weakness against the 
effectiveness of profiling in an airport environment. However, proper profiling 
should consider these factors when establishing the behavioral baseline. The 
general public and the media have expressed concern that the general nervousness 
associated with flying, or the anger occasionally associated with the process of air 
travel (long lines, invasion of privacy, etc.), could be indicators of suspicious 
activity. However, the emotions of anxiety and of anger exhibit different signs 
than does that of deception. 

When establishing a behavioral baseline, profilers should be aware that 
individuals can be trained to deceive. For example, professional actors spend 
years perfecting their art. In this example, believability is derived from the actor’s 
talent at modifying behavior coupled with the audience’s lack of training at 
identifying deceptive body language and behavior. 

Profiling focuses on a variety of factors, but body language is central. Albert 
Mehrabian, one of the original body language researchers, found that the impact 
of a message is about 7% verbal (words), 38% vocal (tone, inflections), and 
55% nonverbal (Pease and Pease, 2004). This research has since been called 
into question, specifically the breakdown of the percentages, but regardless, 
many individuals still watch for tone, inflections, and nonverbal cues upon with 
to make their judgments about others. A mistake that is commonly made is 
relying just on the spoken word to communicate and ignore the body language. 
Research subsequent to Mehrabian’s studies has shown that between 60% 
and 80% of communication, particularly in a business setting, is nonverbal 
(Pease and Pease, 2004). Since the 1990s, several researchers have explored the 
meaning of body language including Eckman (1992), Gladwell (2005), and 
Pease and Pease (2004). Much of this research has focused on the ability to read 
body language to identify behaviors, emotions, or truthfulness that may contra- 
dict the spoken word. 

Although body language is not admissible in court in determining whether an 
individual is innocent or guilty, this inadmissibility does not mean that a person’s 
body language should be dismissed. Body language is similar to reasonable suspi- 
cion in that it may indicate that further investigation is needed. 

When an individual lies, the body tends to give away clues, often called tells, 
that the person intends to deceive—for instance, raising the pitch of the voice, 
looking away from the person one is talking to, or flying into a tirade when 
questioned. Sometimes, tells may be normal responses, particularly in an airport. 
Although many emotional responses are not absolute evidence of deception, they 
are worthy of additional attention while the person conducting the profile seeks 
more information to make a threat assessment. Although we may communicate 
primarily with our voices, our bodies can project many different messages. 
Deception clues may be in the form of a micro-facial expression, swallowing, a 
change in breathing patterns, sweating, body and leg positioning, a slip of the 
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tongue, or a voice inflection (Eckman, 1992). Typical indicators of suspicious 
activity can also include’: 


1. An unusual amount of baggage, either too little for an international flight, or 
too much, beyond what is typically carried for that flight, or inappropriate for 
the length of stay. 

2. Individual cannot seem to describe the contents of their own bag or does not 
seem to know much about their destination (where they are staying when they 
arrive, length of trip, whether it is business or pleasure—a good BDO can 
continue to ask questions and better identify holes in a story than someone 
who only asked a set of scripted questions). 

3. Stamps or visas from terrorists sponsoring States. 

4. Inability to speak the language that their passport is issued in, or a passport 
issued in a different country other than the one in which the individual was 
born. 

5. Frequently changing lines in the passport or screening lanes, additional 
observation is necessary to determine if the person(s) is just trying to find a 
faster moving line—typically, a “normal” passenger will weigh their options 
heavily before switching lines. 

6. Anyone holding back from other passengers in order to observe the screening 
lines (typical behavior is to find the shortest line and get right through it). 

7. Restating simple questions that the individual should readily know the 
answer to. 

8. Excessive lip biting, perspiring, deep breathing, self-grooming. 

9. Excessive use of qualifying words, such as “maybe,” or “to be honest with 
you,” or “almost.” Also, it is common for an individual who is telling the 
truth to continue to recall additional details about their trip, as the 
conversation goes along. It is very rare for someone who is trying to lie, to 
add more details into a story later on as they are trying to stick to their story. 


In Telling Lies: Clues to Deceit in the Marketplace, Politics, and Marriage, 
Paul Eckman (1992) explained why it is difficult to get away with a deception: 
“The question is, why can’t liars prevent these behavioral betrayals? Sometimes 
they do. Some lies are performed beautifully; nothing in what the liar says or 
does betrays the lie.” Liars do not always anticipate when they will need to lie, so 
there is not time to prepare a response and its delivery. Even when there has been 
time, someone may not be clever enough to anticipate all the questions that may 
be asked (Eckman, 1992, p. 43). This is why good security questioning often 
involves a series of questions, some of them seemingly unrelated to security. 

Eckman explained that the second reason liars cannot always prevent body 
language from revealing deception is because of the difficulty in concealing or 
falsely portraying emotion. When liars choose to lie, they generally prefer to 





°Some of these are detectable at Port of Entry locations, such as customs or immigration. Other 
behaviors are observable at both Port of Entry locations and screening locations. 
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conceal rather than falsify. When concealing, nothing has to be contrived and 
there is less chance of being suspected. Concealment is passive, not active 
(Eckman, 1992). When a lie is told, the liar must remember the same version of 
the lie as originally told. In law enforcement, this challenge is often characterized 
as “getting your stories straight.” 

Security questioning is considered more effective than passively observing 
behaviors. A liar loses the choice of whether to conceal or falsify once challenged 
(Eckman, 1992). When being questioned, a liar must create stories either in 
advance or on the spot. This stress causes the body to exhibit certain noticeable 
characteristics. A person who is being observed without being questioned can 
more carefully select and rehearse how to behave so that the behavior more 
closely matches the norm. 

Questioning can also create emotions that may not be exhibited during passive 
observation. Eckman stated that “people do not actively select when they will feel 
an emotion, and negative emotions may even happen despite themselves” 
(Eckman, 1992, p. 47). Questioning can also cause an emotion to appear sud- 
denly, rather than gradually. When emotions gradually appear, it is harder to 
detect the deceit as the behavioral changes are less noticeable. Strong emotions 
brought on quickly are harder to control (Eckman, 1992). 

However, there are situations where criminals have rehearsed their “perfor- 
mance” so carefully as to not show many of the visual or auditory signs of decep- 
tion. In these cases, a professionally trained profiler can still spot the deceit, as 
liars usually monitor and try to control their words and face more than their voice 
and body (Eckman, 1992). Eckman stated that the body is a good source of 
leakage and deception of clues as it is not tied directly to areas of the brain 
involved in emotion, as the face and voice are. Eckman explained that, “The 
body leaks because it is ignored. Everyone is too busy watching the face and 
evaluating the words” (1992, p. 85). 

Additionally, Eckman (1992) pointed out that if a liar has not worked out the 
lies in advance, he or she will have to be cautious, carefully considering each 
word before it is spoken. And even if the liar has worked out the lie in advance, 
the body language, specifically illustrators,*'° or emphasis on words or gestures 
may actually decrease (Eckman, 1992). This is another clue for profilers that a 
deception may be in the works. 

Israel is known for its profiling practices and its ability to ferret out criminals 
and terrorists through profiling. It was profiling and security questioning that 
prevented Anne Marie Murphy from boarding an El Al flight in 1986. Murphy 
had a bomb in her suitcase that had been planted by her fiancé, unbeknownst to 
her, who was a Syrian intelligence agent. 





Eckman classified illustrators as emphasis that can be given to a word or phrase or gestures that 
repeat or amplify what is being said. Brow and upper eyelid movements or the trunk of the body 
can also be illustrators, serving to emphasize an expression. 
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In Israel, profiling starts when a traveler books his or her flight. Background 
checks are run to ensure a ticket is not being issued to a known terrorist or 
criminal. Travelers arriving at the airport usually first experience profiling at the 
vehicle checkpoints, before entering airport property. Security questioning begins 
when the traveler enters the terminal building. Before a passenger checks in 
for the flight, security personnel question him or her about travel plans, agenda, 
luggage, purpose of the trip, and so on. 

Challenges to implementing the Israeli model of profiling in the United 
States include the number of passengers that US airports enplane daily, versus 
the relatively small number enplaned in Israel, and the civil rights issues 
surrounding profiling in the United States, which are not problematic in Israel. 
In spite of this and shortly after 9/11, Boston Logan International Airport hired 
Rafi Ron, a former security director at Ben Gurion International Airport 
in Israel, to teach airport and airline personnel methods of profiling that were 
scalable to their operations. 

Started in 2004 as a pilot program, Ron’s patented BPR method teaches 
personnel working at an airport, such as air marshals, screeners, and state 
police, how to identify suspicious behaviors that could indicate a terrorist 
plot and then to report such behaviors to LEOs. Uniformed and undercover 
officers watch people as they move through terminals, looking for odd 
or suspicious behavior such as heavy clothes on a hot day, loiterers without 
luggage, and anyone observing security methods. Screening supervisors use 
score sheets containing a list of suspicious behaviors. If a passenger hits 
a certain number, an LEO is notified to question the person (Associated 
Press, 2004). 

Air marshals have also been trained to watch airport crowds as they await 
flights, looking for things outside the normal range of behavior. In an article for 
the Toronto Star, Jack Shea, special agent in charge of the federal air marshals 
in Boston, MA, made the following remark regarding BPR: “What I like about 
it, it’s very basic, it’s common sense, it’s effective, it works” (Associated Press, 
2004, p. H10). Although the BPR program has caught several individuals with 
outstanding warrants, critics of the program, including the American Civil 
Liberties Union, are concerned that BPR could become a pretext for racial 
profiling. Barry Steinhardt, the director of the American Civil Liberties Union’s 
technology and privacy program, qualified this concern by stating, “Not every 
police or security officer who’s going to be heading up a local operation is 
going to be sensitive to the racial implications of the project, especially as you 
roll it out nationwide” (Associated Press, 2004, p. H10). Other privacy 
advocates prefer the BPR program to the government’s plans to conduct screen- 
ing via computer databases to try to identify potential terrorists. In this regard, 
David Sobel, general counsel for the Electronic Privacy Information Center, a 
leading critic of the background checks, stated that “Targeted interviewing is 
certainly preferable [to screening via computer databases]” (Associated Press, 
2004, p. H10). 
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TSA’S BEHAVIOR RECOGNITION PROGRAMS 


In 2004, the TSA began implementing a program known as SPOT (Screening 
Passengers by Observation Techniques). SPOT involves specially trained security 
officers scrutinizing people in security lines and elsewhere in the airport. By 
assessing a person’s body language and travel details, screeners can make a quick 
judgment on the threat level (Meckler and Michaels, 2006). Suspicious indivi- 
duals can then be questioned and referred for either secondary screening or to law 
enforcement personnel. SPOT has led to the use of BDOs. BDOs are TSOs who 
receive special training in identifying suspicious behaviors. Initially, BDOs were 
deployed to passively observe passenger behavior, which is not as effective as 
actually questioning individuals. In 2010, the GAO concluded that there was not 
a scientifically validated basis for using behavior detection for counterterrorism 
purposes in the airport environment, and further that there was not a means of 
recording and tracking data on suspicious individuals (GAO, 2010, p. 16). 
Unfortunately, many in the media and the general public took the GAO report to 
mean that behavior detection is ineffective, which is not what the report 
concluded—it primarily called into question the particular behaviors that TSA 
was using and whether those were accurate. Additionally, it is difficult to measure 
the effectiveness of behavior detection when part of the objective of the program 
is to deter criminal and terrorist activity. Deterrence, measuring the number of 
times something did not happen, particularly when it is not known how often a 
criminal act was attempted but then deterred, is extraordinarily difficult. In 
9 months and with about 7 million people flying out of Washington Dulles 
International Airport, several hundred people had been designated for intense 
screening through the BDO program, and about 50 were turned over to the police 
for follow-up questioning. Several resulted in arrests, mostly for immigration 
violations (Lipton, 2006). 

In 2011, the TSA started the assessor program at Boston Logan International 
Airport, which added the security questioning process to the BDO process. The 
program rapidly was nicknamed “chat-down,” a word-play on the pat-downs 
conducted by TSOs at the checkpoint. 

One problem with the BDO program is that TSOs do not have law enforcement 
powers, which means if they see a suspicious person, they can request that the 
individual talk with them, but they do not have the legal right to detain them. They 
can require the passenger to go through secondary screening if the individual still 
desires to board a commercial aircraft, or they can refer the individual to the local 
police. But, even police officers must fulfill requirements called for in the Fourth 
Amendment to the US Constitution before they can detain an individual. Therefore, 
when a BDO requests law enforcement assistance on an individual the BDO finds 
suspicious, the LEO can still elect to not question the individual, and unless there is 
a reasonable suspicion that a crime has been committed or is about to be committed 
by the individual, then the individual has the right to leave the area without further 
LEO interference. Some in the airport law enforcement community questioned 
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whether civilian BDOs should even be engaging with passengers and citizens who 
may be potential threats, since the average BDO is not trained (nor armed), and not 
prepared to deal with a violent confrontation that may include facing a suicide 
bomber or active shooter. A joint statement from ACI/AAAE issued in April 2016 
recommended moving BDO personnel to the Travel Document Checkpoint (TDC) 
locations and moving the current TDC personnel to back fill lost screener positions 
at the checkpoint. This makes sense in one respect in that behavior detection 
works better when it is active engagement, instead of passive observation. 
Otherwise, it may be impossible to determine if someone is exhibiting certain 
behaviors, such as the thousand-yard stare, staring down at the floor, and not mak- 
ing eye contact, because they are a suicide bomber, or a grieving relative traveling 
through the airport to attend a loved one’s funeral. Plus, it helps solve some of the 
screener staffing issues that some airports have been facing at the checkpoint (ACI/ 
AAAE 2016). 

The SPOT/BDO programs raised another issue directly relevant to ASCs, who 
are charged with overall security including law enforcement and security in the 
terminal building. While some suspected the program is an example of TSA 
“mission creep,” another real logistical issue with TSOs going into the public 
areas, expanding their security purview into the terminal where airport police and 
security personnel are already on patrol, are the coordination and control issues 
among essentially two or three security groups, all of which report to different 
agencies and have different requirements under the ASP. Questions are raised, 
such as how will a police officer prioritize two conflicting security issues? For 
example, a TSA behavioral officer spotting a suspicious individual at the same 
time the airport needs that same police officer to respond to an issue that he or 
she is required to respond to under the ASP. 


AVIATION WATCH AND SEE SOMETHING, SAY SOMETHING 


Aviation Watch is a program initially developed at Boston Logan International 
Airport and in use at some airports. It is based on the Neighborhood Watch 
program used in residential communities throughout the United States. Aviation 
Watch was adopted and formalized into a training video distributed by the 
AAAE. 

See Something, Say Something is a program similar to Aviation Watch and is 
promoted by the TSA. Initially developed by the Port Authority of New York and 
New Jersey, the program has spread even beyond the aviation community to other 
transportation industries and even American society in general. 

Aviation Watch teaches airport workers how to spot suspicious activities, 
actions to watch for, and how to respond when they notice something odd. 
Aviation Watch focuses less on questioning and more on observation in an airport 
environment. It established the concept of understanding norms, such as distin- 
guishing the difference between a group of passengers on the shuttle between 
Washington, DC, and Boston and a group of passengers traveling to Orlando, FL. 
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If it is a weekday, the shuttle flight is usually filled with passengers in business 
attire, carrying laptops and small briefcases, whereas the flight to Orlando is more 
likely to be filled with families going on vacation. Although the business traveler 
would not be out of place on the Orlando flight, a family of four might be out of 
place on the shuttle. Although not necessarily a cause for alarm, this activity is 
enough to warrant some additional attention by airport personnel. 

The Aviation Watch program focuses on other suspicious behavior, such as 
individuals photographing or videotaping security procedures, emergency exit 
doors, and other areas not normally the subject of photography at an airport. 
Aviation Watch is typically not affected by civil liberties issues, as it does not 
involve active security questioning, just observation of activity and law enforce- 
ment notification. 

Several airports, like Salt Lake City International Airport in Utah, have insti- 
tuted their own versions of Airport Watch programs. In Salt Lake City, aviation 
employees are trained to report suspicious activities to law enforcement. The 
training is reinforced with signage in both English and Spanish around the airport 
to remind employees and passengers to be watchful for suspicious activity, along 
with a phone number to call to report such activity. It is useful to include the 
emergency contact phone number, as it cannot be assumed that calling 911 will 
reach the airport police. Some cities do not have the 911 system in place, and in 
many other cities, calling 911 from the airport will put the caller in touch with 
the local police department, not the airport police. This causes the local police 
dispatcher to route the call back to the airport, thus delaying the law enforcement 
response. 

Salt Lake City has also embraced a population of aviation hobbyists who 
enjoy plane watching (plane spotting). These individuals are commonly referred 
to as spotters. These groups exist at many airports across the country, with indi- 
viduals gathering around the airport perimeters to watch aircraft take off and 
land. Often they photograph aircraft, note tail numbers when trying to spot spe- 
cific planes, and are equipped with VHF scanners to listen to pilot—ATC com- 
munications, binoculars, and cameras. Such activity is legal provided the 
spotters stay outside the airport perimeter fence and protected air navigation 
zones. 

Shortly after 9/11, spotters came under greater scrutiny from federal officials 
and police officers who did not understand their motives. Spotters can be a 
tremendous security asset. They are often a tight-knit group and are keenly aware 
when there is a newcomer in their midst, particularly when the newcomer engages 
in activities not normally associated with plane spotting. In Toronto, Canada, one 
group of plane spotters, calling itself YYZ Airport Watch, even has its own 
web site (see www.canairradio.com/airportwatch.html) and includes as part of its 
mission “to observe, record, and report suspicious activity” while engaged in 
plane-spotting activities. 

Plane spotters are often very familiar with normal airport operations and 
activity in and around an airport. Airport operators should create a formal 
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program to include such individuals as part of any suspicious activity reporting 
program. The first step is to verify that none of the spotters is wanted or has a 
criminal history, particularly involving interference with aviation operations. If 
possible, a CHRC should be conducted and, for the spotters who are at the airport 
frequently, the airport should consider issuing non-SIDA identification badges, 
similar to those issued to aviation employees who work only in the landside areas 
of the airport. These identification badges can reduce the time police and airport 
security and operations personnel spend when conducting checks of the spotting 
groups. Any identification issued should have a photo, an expiration date, a 
distinctive appearance so the badge cannot be mistaken for an SIDA access/ID 
badge, and rules that the badges cannot be loaned or used improperly. Approved 
plane spotting areas should also be delineated, with proper signage to ensure 
individuals know where they can and cannot be. This facilitates safety and 
security, as airport operators do not want individuals within the runway critical 
areas and safety zones. 

There are many examples of this sort of program in the United States and 
Canada. The Royal Canadian Mounted Police have Airport/Coastal Watch 
whereby citizens can report suspicious vessels and aircraft. The Aircraft Owners 
and Pilots Association has Airport Watch, featuring airport signage, a toll-free 
number (1-866-GASECURE), and an instructional video. 


SECURE FLIGHT 


One of the first passenger profiling programs in the United States was CAPPS. 
Started in 1996, whenever an individual purchased an airline ticket with 
certain peculiarities, such as a one-way ticket with cash bought on the day of 
travel, the computer would flag that individual for additional scrutiny upon 
arrival at the airport. However, CAPPS was geared at preventing bombings, 
not hijackings. Several of the 9/11 hijackers were flagged under CAPPS. 
However, the only requirement was additional scrutiny going through the 
screening checkpoint, and that the individual’s bags would not be loaded onto 
the plane until it was confirmed that the individual had already boarded. 
CAPPS remains in place and is controlled by the airline that checks the 
passenger’s reservation information contained in the air carrier’s passenger 
name record against a set of established system rules, referred to as the 
CAPPS I rules (GAO, 2005). 

Added to screening are checks of passenger names against the no-fly list and 
the selectee list. The no-fly list contains the names of individuals who are not 
allowed to fly on US carriers or must first be cleared by LEOs. The selectee list 
contains the names of individuals who require additional scrutiny such as secondary 
screening or LEO notification. Both lists are shared with airlines, because carriers 
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must check passenger names against the list. The program is now known as Secure 
Flight, which is a behind-the-scenes program that enhances the security of domestic 
and international commercial air travel through the use of improved watch list 
matching. When passengers travel, they are required to provide the following 
Secure Flight passenger data to the airline: 


1. Name (as it appears on government-issued ID the passenger plans to use when 
traveling) 

2. Date of birth 

3. Gender 

4. Redress number (if applicable) 


The airline submits this information to Secure Flight, which uses it to perform 
watch list matching. This serves to prevent individuals on the no-fly list from 
boarding an aircraft and to identify individuals on the selectee list for enhanced 
screening. After matching passenger information against government watch lists, 
Secure Flight transmits the matching results back to airlines so they can issue 
passenger boarding passes. 

Consumers initially complained that it was difficult to be removed from the 
selectee list, even after proving the name is a sound-alike of a real name on 
the list and that the individual is, in fact, not the person the TSA is looking for. 
In one case, the list nearly prevented a 4-year-old boy from boarding because of a 
sound-alike conflict. The TSA has since told airlines not to deny boarding to 
anyone under 12. Even Senator Edward Kennedy had been hindered from travel- 
ing commercially and had a difficult time getting his name separated from a 
sound-alike on the list. 

The selectee list was scrubbed in 2005 to ensure its accuracy (Burbank, 2005) 
and additional improvements have corrected many of the previous identity confu- 
sion problems. The Secure Flight database is being tied into the Transportation 
Vetting Platform, which the TSA is developing to ensure that transportation 
workers, including flight crews, aviation workers with access to secure areas, alien 
flight school candidates, commercial hazmat truck drivers, screeners, and others 
with access to transportation infrastructure, are properly screened. The TSA does 
not currently plan for Secure Flight to include checking for criminals, performing 
intelligence-based searches, or using alert lists (GAO, 2005). The TSA did make 
progress though coordinating with stakeholders such as Customs and Border 
Protection and the Terrorist Screening Center. 


INTELLIGENCE-DRIVEN RBS 


With the appointment of John Pistole to the position of TSA administrator, the 
long sought ideal of screening personnel and baggage based on risk, rather than 
a one-size-fits-all security model, started becoming a reality. In fact, RBS may 
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fulfill the original intent of the Trusted Traveler Program called for in the 
ATSA 2001, but quickly relegated to second-class status by the TSA (becoming 
the defanged Registered Traveler Program). RBS is based on the fact that the 
majority of airline passengers present little to no risk. RBS takes into account 
that the TSA may have more information about some travelers, that screening 
detection technology continues to improve, and that certain types of people nat- 
urally present a lower risk than others. The overriding principle, however, for 
acceptance of a risk-based model of security is that risk-based assumes some 
level of risk is present and accepted by the traveling public. While the concept 
of accepting a level of risk may seem counterintuitive to aviation security there 
is already an acceptance of risk in the one-size-fits-all screening model. The 
heavy reliance on regimented processes and well-known technology allows cer- 
tain holes to develop and be exploited. Risk-based security accepts that no secu- 
rity system is perfect but that it can be better by focusing on higher risk 
populations. 

TSA’s Prev is an expedited screening initiative that places more focus on 
prescreening individuals who volunteer to participate to expedite the travel 
experience and provides them their own screening lane at the SSCP. The program 
started with airline frequent flyers and is expected to expand to other populations. 
Travelers enroll in TSA’s Prev through either being preselected (as an airline 
frequent flyer with known travel habits) or they can enroll through the Customs 
and Border Protection Global Entry program. TSA’s PreY may not have to 
remove their shoes or laptops, and in most cases are only subjected to the 
WTMD, rather than the AIT machines. 

According to the TSA they will always incorporate random and 
unpredictable security measures throughout the airport and no individual will be 
guaranteed expedited screening, to retain a certain element of randomness to pre- 
vent terrorists from gaming the system. In addition, individuals who commit cer- 
tain offenses, such as violations involving firearms, explosives, and fraudulent 
documents at an airport or on board an aircraft, are likely to be denied expedited 
screening for a period of time. The duration of disqualification for expedited 
screening will depend on the seriousness of the offense. TSA’s PreY is one 
method that allows TSOs to focus their efforts on other passengers who are more 
likely to pose a risk to transportation. 

Screening for active-duty US service members is another RBS program that 
allows US service members who possess a valid common access card at participat- 
ing airports to receive expedited screening and no longer have to remove the fol- 
lowing: shoes, 3-1-1-compliant bag from carry-on,”'' laptop from bag, light 
outerwear/jacket, belt. 

While the TSA is required to screen all passengers, they have enacted risk- 
based checkpoint screening procedures for passengers 12 and under to leave their 





"The 3-1-1 security policy allows for liquids to be contained in no larger than 3-ounce containers 
that must fit in a one-quart baggie and only one bag per passenger. 
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shoes on, allowing multiple passes through the WTMD and AIT to clear any 
alarms on children, and using explosives trace detection technology on a wider 
basis (rather than immediately resorting to a pat-down) to resolve alarms on 
children. While some critics have speculated that terrorists could decide to use 
children to conceal explosives or other prohibited items in their shoes, there is 
still the chance for metal detectors, AIT, or ETD machines to pick up on the 
substance or item, and so far, terrorists have not attempted to use children in this 
capacity. The amount of explosives that can be concealed in the shoes of an 
individual under 12, due to their shoe size, is not as significant as what could 
be concealed in an adult shoe size. Similar processes now exist for individuals 
75 years of age and older since the TSA has determined that individuals in this 
age range present a lower risk. 

Known Crewmember (KCM) is another RBS system permitting approved 
flight crew members and flight attendants to undergo alternate screening 
measures. KCM entry points into the Sterile Area are often near the passenger 
screening checkpoint. At the KCM location, a TSA officer verifies the identity 
and employment status of the KCM, to provide expedited access to the sterile 
areas. This also helps reduce congestion in the passenger-screening line. GA 
crew members are now eligible to join KCM—Part 135 and Part 125 charter 
pilots can enroll in the expedited security screening program. The KCM pro- 
gram was questioned in March 2016, when an airline flight attendant, who was 
also a KCM, was caught smuggling cocaine through the KCM checkpoint. 
Despite this case, the TSA has not announced any changes to the program as of 
this writing. 

Another RBS initiative is a combination of risk-based security with the behavior 
detection program. At certain travel document check locations, specialized 
behavioral analysis techniques are used to determine if a traveler should be referred 
for additional screening at the checkpoint. The vast majority of passengers at the 
pilot checkpoints experience a “casual greeting” conversation with a BDO as they 
go through identity verification. 

In 2006, the liquid restrictions became effective, however, as part of RBS, 
medically required liquids and gels, including medications, baby formula and 
food, breast milk, and juice, are exempt from the 3-1-1 rules and are allowed in 
reasonable quantities exceeding 3.4 ounces (100 mL). They are not required to be 
in a zip-top bag but TSOs may ask travelers to open these items to conduct 
additional screening and passengers should declare them for inspection at the 
checkpoint. 


CONCLUSION 


The discussion of airport screening is continued in Chapter 7, The Screening 
Process. Please see the Conclusion in Chapter 7 for a summary of the topics 
presented in both chapters on screening. 
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THE “PTSA” OF AIRPORT SECURITY SCREENING 


Chris McLaughlin 


As Americans, there is perhaps nothing in our society that better describes the paradox between 
our passion for freedom and our fear of losing it as the post-Sep. 11 airport screening process. On 
the one hand, our belief in freedom inspires us to resist an establishment (or government) that 
treats us as if we might be a terrorist. On the other hand, our belief that government should keep 
us safe, creates an expectation that airport security should never fail. This paradox surrounds the 
concept, design, and implementation of the modern passenger facing airport screening system. 
Central to it is the challenge of providing a system that is porous enough to allow for the 
“freedom of movement for people and commerce” (excerpted from the TSA’s mission statement), 
and unforgiving enough to prevent the next planned act of terrorism in the domestic aviation 
system. 

Airport passenger screening is the process that converts passengers and their belongings 
from being potential threats to becoming “travel ready.” This process happens millions of 
times a day in the United States and in a decade and a half since Sep. 11, 2001, the system 
has worked. While the same time period has seen many acts of terrorism in the United States 
and abroad, none have entered through the domestic passenger screening system. For those 
who think that this is somehow just coincidental, consider the number of attacks that have 
been perpetrated against aviation in other parts of the world—or how many times the 
adversary has tried to enter the US system from originating points outside of the 
United States. Simply stated, the system has worked. 

Why, then, does that system come under so much scrutiny from the very people that it has 
protected for the past 15 years? There are four factors that drive this scrutiny. First is the 
expectation that the TSA should be more discerning in its decisions. Second, is that it should be 
more refined and consistent in its approaches. Third, that it should frankly be better at its 
execution. And finally, that it performs its mission with more focus on customer service. 

Passengers understand the TSA’s need to stop terrorists. They just do not feel like they 
should be treated like one. That is easier said than done. Regrettably, terrorism is not an exact 
science, there is no specific “profile” of a terrorist, and they are not static in nature. As a result, 
the TSA has had to implement a system that has wide margins to protect against both the 
unknown and the evolving nature of the terrorist. Because failure is not an option, the TSA 
must err on the side of preventing the terrorist, even at the inconvenience of law-abiding, 
harmless travelers. 

For the first decade after Sep. 11, this was really a “red light—yellow light” system for the 
TSA. Baseline was “yellow”, meaning that you and the vast majority of your co-travelers were 
treated as having some likelihood of committing an act of terrorism. In 2011, the TSA embarked 
on several initiatives to become more “risk based” in its approach. Seniors and children were 
given more relaxed rules. Flight and inflight crews were given different access to the sterile area 
through a program called, “Known Crew Member,” and the TSA launched its TSA Prev 
Program, which through a few different mechanisms and application avenues, allowed certain 
flyers to become “trusted.” These initiatives added “green” to the TSA’s spectrum of risk and 
demonstrated a willingness to show some discernment in their decision making. 

The second area of concern for passengers is a desire for TSA’s processes to be more refined 
and consistent. A common question from customers in line to be screened is, “What are the rules 
today?” Even as well as TSA Prev has been received by the public, there continues to be 
widespread uncertainty about the predictability of being included and the actual speed of service 
once you arrive at the airport. For passengers that are not selected for TSA Prev, the uncertainty 
is even more pronounced. While long lines are not part of TSA’s risk-based equation, some of the 
random measures that are imposed on passengers are purposeful. If unpredictability is 
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uncomfortable to the average passenger, it is unraveling to the would-be terrorist. Unfortunately 
for the TSA, passengers do not routinely understand the deterrent value of their randomness. They 
see it rather as incompetence. 

This notion is fueled by public and leaked reports of the TSA’s “failures” and drives the 
traveling public’s third concern with the TSA. They ask, “How can the TSA subject me to so 
much indignity and yet miss the objects that they’re looking for?” People see a news report of a 
pocket knife that made it through airport security and use that as ammunition to “prove” that the 
system is broken. In an ideal world, the TSA would find every item on the list, every time. It is 
simply not a realistic expectation in practice, though, where the technology is imperfect, the time 
constraints are tight, and the volume of people and bags is vast. 

The individual “task inventory” of a TSA Officer is several hundred deep. Missing any one of 
these steps can result in missing an item of interest. To combat this, the TSA employs multiple 
layers of security—overlaps to compensate for individual potential gaps. Some of these tools are 
overt and perceived as “overkill” by passengers. Others are more covert and focus more on the 
passenger’s “intent” than the object that they might be carrying. Each of them is risk based and 
prioritizes the greatest threats to aviation security. Even though a pocket knife is prohibited, one 
that inadvertently gets through security is unlikely to be successfully used in the next terrorist plot 
given other layers of security that are in place in the post 9-11 era. 

So, the public wants a TSA that is discerning, refined, and perfect in their execution. If these 
first three expectations are not difficult enough, they also want this system wrapped in quality 
customer service. Do not get me wrong. In my opinion, customer service is a reasonable 
expectation; it is just not an easy one! 

TSA officers are hired primarily for observation and technical abilities not, as a first priority, 
their customer service skills. Think about your most positive doctor’s office visit ever. Now 
imagine if your X-ray tech had performed each aspect of your visit—from check-in to exam, to 
diagnosis, to treatment, and ultimately discharge. It is hard to find someone that is excellent at 
everything. Yet, not every role in our society allows for specialized functions. The TSA is in this 
situation. The nature of the TSO position requires them to vary their functions in order to remain 
alert. The nature of the TSA budget requires them to cross-utilize in order to be efficient. It is an 
incredibly hard balance to achieve. Understandably, security has to be the TSA’s primary concern 
in the hiring process. Customer service, while important, takes second stage. 

At the same time, it is not always the TSA Officer’s fault. Despite the expression that “the 
customer is always right,” the passenger often shows up “armed for battle.” The security 
checkpoint is a stressful place. Many passengers set their expectations (and their walls) before 
they enter the queue. After a decade and a half of anecdotes and jabs at the TSA, passengers 
expect to be mistreated. They often carry this edge into the checkpoint. The next time that you 
fly, spend time watching the people around you on their way into the checkpoint and then once 
they claim their belongings on the other side. If you look, you will see what I am talking about in 
their body language. Simply stated, the checkpoint is the most stressful and least controllable 
aspect of the passenger’s journey (unless there is a blizzard). Great TSOs know how to recognize 
and diffuse the “wall.” As stated above though, not all TSOs are great at this aspect of their 
mission. 

The majority of this paper has explained why the TSA does not live up to the traveling 
public’s expectations. My intent is not to make excuses for an imperfect system. Rather, it is to 
give future aviation professionals a foundation of understanding so that you can become part of 
the solution to this paradox. In my experience, airports that assert a true community approach 
to the checkpoint security process deliver a better security result for the passenger. The TSA 
controls the security process. But, the airport community can greatly influence the overall security 


experience for the passenger. Together, it is possible to deliver a holistic approach to passenger 
screening that is discerning, refined, accurate, and delivered in a customer friendly way. 
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The screening process 


OBJECTIVES 


In this chapter, we focus more closely on processes and policies related to passenger 
and baggage screening. Methods and techniques for screening passengers and bag- 
gage are fundamental to sustaining effective aviation security. Within the layered 
aviation security system, screening passengers and baggage are the most important 
processes that security practitioners use to mitigate potential threats to the airport and 
aircraft environments. You will learn about these fundamental concepts and special 
issues in screening that are vital to securing the national airspace system. 


SCREENING PASSENGER AND CARRY-ON BAGGAGE 


International Civil Aviation Organization (ICAO) Annex 17 to the Convention on 
International Civil Aviation—Safeguarding International Civil Aviation Against 
Acts of Unlawful Interference calls for procedures to ensure passengers do not 
bring a firearm, an explosive, or a dangerous device into a passenger cabin 
(ICAO, 2006). Unfortunately, while threats to aviation security have changed sig- 
nificantly, up until 9/11 the technologies and processes developed in the 1970s 
and 1980s were largely unchanged. 

In August 2004, Chechnyan terrorists (known as the “Black Widows’”’) brought 
down two Russian commercial airliners by concealing explosives beneath their 
braziers, highlighting the weakness of the walk-through metal detectors 
(WTMDs), which do not detect explosives. A passenger could wear plastic explo- 
sives and conceal the detonator in their carry-on bag and not set off any security 
alarm. A passenger could pass through the type of metal detector currently in use 
with a suicide belt made of plastic and fabric while concealing the detonator else- 
where and not set off any alarm (Hughes, 2005). 

This weakness was again exposed in August 2006, when UK officials discov- 
ered a plot to blow up commercial airliners departing the United Kingdom on 
intercontinental flights. The unfortunate reaction in the United States and the 
European Union was to prohibit or severely restrict passengers from carrying 
liquids onboard aircraft. Had technology and funding priorities kept up with the 
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existing and known threats, technology or strategies may have existed to prevent 
or detect the presence of liquid-based explosives. Such technology is now being 
developed, years after the initial threats were known. Newer passenger screening 
technology involves graphic body imaging X-ray machines, portal-trace detectors, 
advanced metal detection equipment, and multiview X-ray equipment. 

Passenger and carry-on baggage screening deters a number of threats, specifi- 
cally bombings and hijackings, thus it is one of the most important security 
layers. The basic screening process is explained in Shanks and Bradley’s 
Handbook of Checked Baggage Screening (2004): 


1. The divestiture process. The passenger or employee is called by security staff 
to remove outer attire and anything that may set off the metal detector, or be 
detected by the advanced imaging technology (AIT), such as belt buckles, 
watches, jewelry, coins, mobile phones, or PDAs. These items are placed in a 
polymer container and sent through the X-ray machine. Laptops and large 
electronics are often removed from their containers and placed in separate 
bins. In the United States and many other countries, individuals must also 
remove their shoes, but this policy changes both from airport to airport and 
country to country. The individual also loads their baggage onto the bag belt 
for analysis by the X-ray machine or explosive detection system (EDS) 
technology. Security staff may sometimes realign the bag to randomize its 
position and to allow proper separation of bag images enabling a static image. 

2. Passenger screening. The passenger is requested to move through the metal 
detector or AIT machine. Passengers who set off the detector’s alarm or may 
have a suspicious item as indicated by the AIT are asked to step aside until a 
secondary search can be conducted. The secondary search is usually a 
physical pat-down or hand-wand metal detector. In some instances, passengers 
may be allowed to go back through the metal detector after divesting 
themselves of additional items that may have triggered the alarm, rather than 
going to secondary screening. 

3. Carry-on baggage screening. As the passenger is being screened, security 
staff members analyze the contents of the passenger’s bag using conventional 
X-ray! technology, multiangle X-ray machine, or EDS technology. Baggage 
that contains questionable items or threat items is often checked physically 
through a bag search, analysis by an explosive trace detection (ETD) machine, 
or, in some cases, both. If a bag contains an apparent bomb, then the screener 
will likely keep the suspect item within the X-ray machine, stop the belt to 
prevent the bag from advancing out of the machine, and hinder attempts by 
the owner to pull the bag away from the security staff. The screener will 
notify law enforcement and supervisory personnel for further assessment of 





‘Conventional X-ray technology is the most common form of technology to check carry-on 
baggage. Some countries have implemented EDS technologies in lieu of the conventional X-ray, 
and in the United States conventional X-ray machines are being replaced with multiangle X-ray 
machines that offer better imagery displays. 
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the X-ray image. If the item appears to be a bomb, then an immediate 
evacuation of the security screening checkpoint (SSCP) and surrounding area 
may be required. Explosive demolition teams or K-9 explosive detection 
teams are called to further verify the threat. 

4. Exit process. Provided passenger belongings have been cleared through the 
X-ray analysis, passengers are reunited with their belongings and allowed to 
proceed into the sterile area. 

5. Special circumstances. Disabled passengers and those in wheelchairs often 
must be hand searched. 

6. Newer technology. New technology is being developed such as liquid 
explosive detectors and document scanning devices. These technologies are 
being integrated into the passenger and carry-on baggage screening process. 


PASSENGERS 


The initial screening of passengers takes place when the flight is booked. 
Passengers’ names are checked against the no-fly and Selectee lists. If a passenger 
is on the no-fly list, the passenger will still be able to purchase a ticket, but not 
print a boarding pass. When the passenger arrives at the airport to have the board- 
ing pass printed by an airline ticket agent, the passenger is informed he or she is 
not allowed to fly and is provided with redress information to the Transportation 
Security Administration (TSA). Passengers on the Selectee list are often not 
aware they are on the list, but end up receiving Secondary screening at the 
checkpoint. 

The next level of screening takes place at the Travel Document Check (TDC) 
locations, prior to the passenger proceeding to the divestiture area. Numerous 
incidents of a passenger slipping by this process have occurred in the past few 
years, but as long as the individual is still screened, the security risk remains low. 
Also, the TDC is primarily to ensure that the person who holds identification is 
the same person whose name is on the boarding pass. The TDC is not a “catch- 
all” for all wanted criminals—it attempts to deter or stop a known or suspected 
terrorist from boarding a plane. The TSA is often criticized for not catching a ter- 
rorist, but catching terrorists is the job of the FBI rather than the TSA. The TSA’s 
primary function is to ensure regulatory compliance with airport and air-carrier 
security regulations, to screen passengers and bags for prohibited items, and to 
deter individuals from committing an unlawful act of interference with aviation. 
It is difficult to measure deterrence, as one is essentially trying to measure how 
often an individual or a group did not commit a threatening action because the 
deterrent measure was in place. It should be stressed that the primary function of 
aviation security is to prevent acts of air terror, not to catch common criminals. 
The TSA and the aviation security system at-large is frequently criticized for 
allowing wanted felons to travel on commercial aviation, but the system is not 
focused on preventing that. 
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Once at the checkpoint, screeners must be aware of several dynamics in 
screening, including the ability to ensure that individuals do not pass through a 
screening checkpoint with a prohibited item, individuals do not bypass primary or 
secondary screening, and wait times are kept to a minimum to maintain the 
advantages of air travel and prevent massive crowds from gathering, thus creating 
a vulnerable target for a suicide bomber or active shooter attack. 

There are methods that criminals and terrorists use to get prohibited items, 
including explosives and weapons, through the SSCP. Individuals might carry 
only a portion of an explosive through a screening checkpoint, such as plastic 
explosives that are undetectable with metal detector technology, while concealing 
detonators in carry-on bags. Screeners should watch for bulky clothing and pas- 
sengers with odd-shaped bulks and sharp angles underneath their clothing. 
Passengers should always remove coats and excessive outerwear, which could 
conceal explosives or other prohibited items that may escape the detection abili- 
ties of the passenger screening technology and security screeners. Screening per- 
sonnel must also be aware of body language that is consistent with attempts to 
deceive and be trained in interpreting verbal and nonverbal cues. 

Customer service should not be sacrificed in screening. Screeners must always 
consider that the majority of passengers are not terrorists or criminals. They must 
ensure that passengers selected for secondary screening can keep in view of their 
own belongings, increasing customer service and reducing the possibility of theft. 
This also reduces stress on the individual who has been selected for secondary 
screening. In the United States the TSA has attempted to quiet the SSCP area 
with the theory that a quiet and calm environment allows those who are attempt- 
ing to deceive to be more easily detected. Some of these methods have included 
signage, but one of the most effective methods of bringing calm to the SSCP is 
the use of earpieces and personal microphones by transportation security officers 
(TSOs). Rather than yelling for assistance, which just adds to the noise and confu- 
sion inherent in a screening area, TSOs can communicate quietly. Some airports 
have deployed therapy assistance dogs to calm passengers in the airport, but con- 
sideration should also be given to the use of therapy dogs within the screening 
checkpoint, where explosive detection K-9s are also working. 

Passenger screeners must ensure that individuals requiring secondary screen- 
ing are not allowed to leave the SSCP area until the secondary screening is com- 
plete, preferably by a second screener to avoid disrupting the passenger flow. 
Passenger screeners who staff entry gates should strictly control the passage of 
individuals through the metal detector (or ETD) by allowing only one individual 
at a time to pass through. 

The standard method of screening in the United States and abroad has been 
using the WTMD, often called the magnetometer. The WTMD creates a magnetic 
field, which is disrupted with the presence of metal. This disruption, if high 
enough, causes an alarm to sound. WTMDs can be set to specific levels depend- 
ing on the sensitivity desired by the operator. WITMDs quickly process passen- 
gers, requiring only a second or two for the passenger to pass through. WIMDs 
cannot detect plastic explosives or other types of explosive substances, and it can 
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be assumed that other bomb-making devices (blasting caps, timers, etc.) that do 
have metal components would be concealed in carry-on baggage and assembled 
after the individual has passed through the checkpoint. Individuals who set off the 
alarm, or who for any reason cannot pass through the detector (eg, disability), are 
referred to secondary screening. The secondary screening generally consists of 
using a hand-wand. If the hand-wand cannot determine the problem, then a physi- 
cal pat-down search or even a strip search, done privately by a member of the 
same sex and with supervision, may be needed. In some cases, a handheld explo- 
sives detection device may also be used. 

More advanced metal detectors can pinpoint where a metallic object is on an 
individual (Fig. 7.1). The Garrett PD 65001 divides the magnetic field into 33 dis- 
tinct zones and has uniform coverage from head to toe. Lighting visible on the exit 
side of the detector notes the zone where a particular metallic object is located. 
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FIGURE 7.1 
Garrett PD 6500i metal detector. 
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To make up for the weaknesses in the metal detection process, the TSA has 
widely deployed AIT devices. This body imaging technology comes in two forms: 
backscatter X-ray or millimeter wave imaging. Backscatter technology projects 
low-level X-ray beams over the body to create a reflection of the body displayed 
on the monitor. Millimeter wave technology bounces harmless electromagnetic 
waves off the body to create the same generic image for all passengers. 

Before going through this technology, passengers must remove all items from 
pockets and accessories, including wallets, belts, bulky jewelry, money, keys, and 
cell phones. Once inside the imaging portal, passengers stand in defined position 
with their arms raised over their head and remain still for a few seconds while the 
technology creates an image of the passenger in real time (Fig. 7.2). 

For machines using backscatter technology, a remotely located officer views 
the image to identify any irregularity that appears on the screen. After review and 
resolution of any anomalies, the image is immediately deleted. All millimeter 
wave technology units are equipped with automated target recognition software 
that detects any metallic and nonmetallic threats concealed under a passenger’ s 
clothing by displaying a generic outline of a person on a monitor attached to the 
AIT unit, which highlights any areas that may require additional screening. The 
generic outline of a person is identical for all passengers. If no anomalies are 
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FIGURE 7.2 


A passenger undergoes secondary screening at Denver International Airport. 
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detected, an “OK” appears on the screen. The passenger then exists at the oppo- 
site side of the portal and collects his or her belongings. The entire process takes 
less than | minute. 

Another device that could be implemented at screening checkpoints is a docu- 
ment scanner. The document scanner is based on the same trace detection tech- 
nology as the ETD system. The premise of the document scanner’s utility is that 
explosive particles are usually sticky, and anyone handling such materials is 
likely to transfer those materials to any travel documents he or she is carrying. 
Placing the individual’s passport or other identification in a document trace scan- 
ner allows quicker screening, reduces the space needed to conduct the explosives 
trace search, and is available at a lower cost. 

The TSA briefly experimented with explosives trace portal systems, but the 
technology proved to be too fragile to handle an airport environment and was 
eventually replaced with the AIT machines. 

Some passengers require or request to either opt-out of using the AIT systems. 
In these circumstances, they are subjected to a physical pat-down, similar to the 
search conducted by a police officer during an arrest. Other passengers may 
request to be screened privately, or there may be issues with the screening of a 
particular individual that necessitates the removal of clothing; in either case they 
are escorted by TSOs of the same sex into a private location, usually near the 
screening checkpoint, out of public view, and are patted down. 

Pat-downs are used to resolve alarms at the checkpoint, including those trig- 
gered by metal detectors and AIT units. Pat-downs are also used when a person 
opts out of AIT screening to detect potentially dangerous and prohibited items. 
Because pat-downs are specifically used to resolve alarms and prevent dangerous 
items from going on a plane, the vast majority of passengers will not receive a 
pat-down at the checkpoint. 

The TSA notes that the majority of pat-downs occur when a passenger alarms 
either the metal detector or the AIT unit. Passengers have rights during a pat- 
down including the right to request the pat-down be conducted in a private room 
and to have the pat-down witnessed by a person of their choice. All pat-downs 
are only conducted by same-gender officers. The officer will explain the pat- 
down process before and during the pat-down. The TSA initially was criticized 
for its pat-downs of children, but these processes have been modified to reduce 
some of the issues. TSOs have been given some discretion with children and will 
work with parents to resolve any alarms at the checkpoint. If required, a child 
may receive a modified pat-down, witnessed by the parent. 


CARRY-ON BAGGAGE 


For more than 40 years, carry-on baggage screening has been conducted with con- 
ventional X-ray machines. These were discarded by the federal government for 
protecting buildings such as the US Supreme Court and the US Capitol, but they 
remained in use at US airports. Upgraded X-ray equipment, including color filters 
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to highlight suspicious items, was sent to US airports in the mid-1990s and again 
after 9/11. 

In 2006, the TSA announced a plan to implement new X-ray machines that 
present a three-dimensional view, supposedly better at spotting liquid explosives, 
guns, and other weapons (Frank, 2006). The TSA continues to analyze the use of 
EDS machines with smaller designs, enabling them to more easily fit into SSCP 
areas. Early-model EDS machines were the size of a small car (which takes con- 
siderable space), have high power requirements, and need strong flooring. As the 
industry continues to mature, machines are getting smaller, lighter, and require 
less power, but still take up more space than most conventional X-ray systems. 

EDS machines using computerized tomography (CT) imaging are the best 
imaging technology presently available to detect weapons and explosives but 
costs about $850,000 per unit, multiview X-ray costs approximately $200,000— 
$300,000 per unit, depending on functionality and other variables. Multiview 
X-ray machines scan from several angles to create three-dimensional images of 
items in a bag. Proponents of the multiview technology say that the machines 
give screeners more detailed images and increase efficiency by reducing the num- 
ber of bags that have to be searched by hand (Frank, 2006). 

One of the most significant challenges to carry-on baggage screening is pro- 
hibited items. Since 9/11, the list of prohibited items has grown significantly. 
Passengers are prohibited from taking on board an aircraft nearly any weapon, 
explosive, or other substances that has been classified as hazardous. All knives 
are prohibited, along with tools and other items that could be converted into a 
weapon. Although pens, pencils, laptops, car keys, and other allowable items 
could be used as weapons, their effectiveness as such is considered less than that 
of a knife or gun. Also, with more air marshals, reinforced cockpit doors, and pas- 
sengers unwilling to comply with hijacker demands, there is some consideration 
that even small pocket knives could once again be allowed to be carried on board, 
but public perception is likely to prevent this from happening in the near term. 

After a liquid bomb plot was discovered in London in 2006, the list of prohib- 
ited items in the United States expanded. X-ray and magnetometer systems in 
place at US and UK airports at the time of the attack were not capable of detect- 
ing liquid-based explosives, so the initial response was to ban all liquids from 
being carried onto a commercial aircraft. However, this is not a sustainable solu- 
tion, so the TSA set out to determine just how much explosives it would take to 
bring down an airplane. 

The TSA briefly considered continuing the complete ban, but this policy, 
while popular within the TSA at the time (Hawley and Means, 2012, p. 188), 
completely ignores the needs of a vast majority of the traveling public and partic- 
ularly demonstrates an ignorance of the travel habits of the business traveler who 
finances much of the air transportation system. Business travelers predominantly 
only have carry-on baggage. Forcing this population of travelers to check their 
bags so they can bring essential liquids increases their travel time, decreases the 
space available in the cargo hold for revenue-generating cargo, and forces 
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business travelers to spend hundreds or thousands dollars every year in buying 
liquids at every destination. While not a huge expense for the leisure traveler, for 
business travelers, some of whom travel several times a week with numerous 
overnight stays, the costs would add up. 

The use of some explosives such as dynamite is detectable by X-ray technol- 
ogy, and plastic explosives such as C-4 are not easily acquired. The acquisition of 
such materials to a terrorist group brings unwanted attention to the group, increas- 
ing the chances they will be trailed and possibly stopped by law enforcement 
(Hawley and Means, 2012, p. 141). Ramzi Yousef used a bomb with a nitroglyc- 
erine base in the 1993 bombing of the World Trade Center and nitroglycerine is 
virtually undetectable by X-ray, magnetometer, and EDS technology; however, it 
is relatively unstable, requiring tamping materials to prevent it from exploding 
inadvertently if it is dropped or mishandled. 

However, in 2005, hydrogen peroxide—based explosives became popular. 
Hydrogen peroxide is a common element in everything from hair dye to pool 
cleaner, and hydrogen peroxide—based bombs had already proven their worth in 
the 2005 London subway and bus bombings. It requires more bomb-making skill to 
create a hydrogen peroxide—based bomb, but their increased stability, blast power, 
and invisibility to security makes them an attractive option for an airplane bomb 
(Hawley and Means, p. 141). The liquid bomb represented a shift away from the 
previous types of bombs al-Qaeda had been using, which where predominantly 
commercially available explosive materials. The new liquid-based devices gave al- 
Qaeda a high-powered, reliable, stable, and repeatable explosive. In 2006, intelli- 
gence from the UK’s MI-5 indicated that operatives had created such devices using 
normal energy-drink bottles, undetectable by airport screening methods, and that a 
plot was in motion to bring down several commercial flights from the United 
Kingdom to the United States. If successful, the death toll in the bombing of nearly 
a dozen commercial flights could have exceeded the deaths suffered on 9/11. 

The TSA developed the 3-1-1 program in response to the liquid problem. The 
current security policy allows for liquids to be contained in no larger than 3-ounce 
containers that must fit in a one-quart baggie and only one bag per passenger. 
The TSA took a public beating for their new policy, and even a skit on the TV 
show Saturday Night Live mockingly questioned whether 3 or 4 ounces could 
bring down an aircraft, but what was not known at the time is that the type of liq- 
uid (or gel or aerosol) was not the critical issue—the size of the container was. 
TSA explosives experts determined that the hydrogen peroxide—based explosives 
could only be a serious threat to an aircraft if detonated in a container with suffi- 
cient diameter. The TV skit also questioned whether two individuals could bring 
on enough quantities of explosive materials and then meet on the plane to com- 
bine them. While the possibility exists, the nature of the hydrogen peroxi- 
de—based explosive device makes a successful marrying of these binary 
materials, unlikely to be successful. 

Bottled liquids scanner (BLS) screening systems are used across the nation by 
TSOs to detect potential liquid or gel threats that may be contained in carry-on 
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baggage. The technology differentiates liquid explosives from common, benign 
liquids and is used primarily to screen medically necessary liquids in quantities 
larger than 3 ounces. Next-generation BLS systems have the ability to detect a 
wider range of explosive materials and use light waves to screen sealed containers 
for explosive liquids. The TSA has deployed more than 1000 next-generation 
BLS units to airports nationwide. The TSA is currently testing new liquid screen- 
ing systems with enhanced detection capabilities that use light waves to screen 
sealed containers for explosive liquids. 

Liquid-based explosive detection devices have been in use in some airports 
throughout the world for several years, but were slow to receive certification in 
the United States. One ironical impact of the wars in Iraq and Afghanistan is that 
while they have allowed terrorists to improve their bomb-making skills, they have 
also driven technological advances in explosives detecting technology. Better liq- 
uid explosive detecting devices continue to make their way from the battlefield to 
TSA testing and eventually to airport screening checkpoints. Overseas, all liquids 
were banned from carry-on baggage for a period, as were all laptop computers 
and other electronic devices. The rationale for restricting the electronic devices 
was that they could be used as a triggering mechanism for a bomb. When laptops 
were again allowed, the size of the laptop case was restricted, although no clear 
reason was given as to why the laptop case must be a certain size. Security 
screeners were provided with rulers but not with the ability to make common- 
sense interpretations on the risk presented by a laptop case only slightly over the 
allowable limit.” An ideal security operation includes flexibility and allowing 
security personnel to make commonsense decisions and interpretations of rules 
and standard operating procedures. 


SMART SECURITY (FORMERLY CHECKPOINT OF THE FUTURE) 


In 2011, the International Air Transport Association (IATA) rolled out its idea of 
the future of airport screening, which features three lanes: one for known trave- 
lers, one for normal, and one for enhanced security. As a passenger approaches 
the checkpoint his or her identity is determined using biometrics and the individ- 
ual is directed to the appropriate lane. Passengers who have preregistered with the 
appropriate government agency and undergone a background check are known 
travelers who will be subjected to lesser security measures, similar to TSA’ s 
Prev program (see chapter: Introduction to Screening). Enhanced security would 
be for travelers on selectee lists, or that intelligence or other information dictates 





?Musical instruments were also temporarily prohibited in the weeks after the discovery of the liquid 
bomb plot. Many musicians lost or had their high-value musical instruments damaged as a result of 
checking these items into the cargo hold. These policies did not make sense as there has never 
been an incident in the history of aviation security where an individual attempted to hijack an air- 
craft with a musical instrument. Violins, guitars, or any woodwind instrument do not make an 
effective weapon. Decision making leading to policies such as these must be avoided if the travel- 
ing public is to develop a trust in its security agencies. 
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that they may present a higher security risk to aviation. Individuals in this lane 
would likely receive the equivalent of secondary screening. Normal screening is 
designed for the majority of travelers who neither have put their background 
information up for review by the government nor are regarded as suspicious. 
Additionally, IATA notes that screening technology is being developed that does 
not require passengers to remove any item of clothing or even have to be sepa- 
rated from their belongings. The ultimate goal is a seamless screening process 
where a passenger walks through a corridor, where security systems are integrated 
and hidden within the walls, and out the other side without ever skipping a step. 


SCREENING CHECKED BAGGAGE 


An aircraft hold contains a variety of items including passenger bags, cargo, US 
mail, and airline company mail and materials. Inside passenger baggage and cargo 
are any number of items including liquids, gels, compressed canisters, unloaded 
weapons, ammunition, human organs and tissue, and hazardous materials.” Many 
of these and other items are listed on the carry-on baggage prohibited items list 
but are allowed in checked baggage and in cargo, where they cannot be accessed, 
complicating screening and inspection. 

The screening of checked baggage and cargo is a layer in the security system 
that focuses on preventing one form of attack—the bombing of an aircraft by the 
placement of an improvised explosive device (IED) in the baggage hold. Most 
airline bombings have been carried out this way. Checked-baggage screening 
could have prevented several significant aviation tragedies including the bomb- 
ings of Air India Flight 105, Pan Am Flight 103, and nearly 60 other in-flight 
bombing incidents. However, the screening of checked baggage and air cargo is 
costly. Costs include equipment purchase, hiring and training of personnel, and 
modifications to airport facilities to accommodate equipment. Modifications to an 
airport facility also include secondary search areas for suspect items, containment 
areas, and administrative and break rooms for screening personnel. 

The next section provides an overview of procedures for screening checked 
baggage and cargo. Detailed guidance for constructing a checked-baggage inspec- 
tion system is covered in the TSA’s Recommended Security Guidelines for 
Airport Planning, Design, and Construction. 


CHECKED BAGGAGE 


As well as the fundamental purpose of preventing the placement of explosives 
onboard an aircraft, checked-baggage screening can detect threats such as the ille- 
gal transport of hazardous materials, narcotics, and weapons. Checked-baggage 





3Hazardous materials carriage is regulated by the Federal Aviation Administration (FAA). 
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screening is complex and expensive. Whereas the United States transports 
between 600 million and 800 million passengers per year, carriers transport nearly 
three times that number in checked bags. 

The fundamental tool in checked-baggage screening is the EDS machine, an 
X-ray machine that uses CT to analyze the contents of a bag. Although other sys- 
tems are used internationally, the standard in the United States is that all baggage 
be checked by an EDS. After 9/11, airports purchased EDS machines used to 
inspect checked baggage at the cost of approximately $1 million per unit. Some 
major airports had to purchase numerous EDS machines to meet baggage screen- 
ing demands. Terminal facilities had to be modified and reconstructed to make 
room for the new systems. 

Canada implemented its checked-baggage screening program after the bomb- 
ing of Air India Flight 105, the United Kingdom implemented its checked bag- 
gage screening program after Pan Am Flight 103, and the United States 
implemented its checked-baggage screening system after 9/11. Russia implemen- 
ted checked-baggage screening after the downing of two of its airliners in 2004 
by suicide bombers, although the individuals smuggled the bombs on their 
persons, rather than in checked baggage. 

There are several options in screening checked bags including the use of K-9 
explosive detection dogs, ETD technology, conventional X-ray equipment, man- 
ual search, and explosive detection CT equipment. Canada and the United 
Kingdom use a five-tier system of checked-baggage screening. Level 1 screening 
is an inspection by a conventional X-ray machine. The computer software within 
the X-ray machine makes a threat determination and either sends the bag to the 
Level 2 inspection for additional scrutiny or routes it to the aircraft if there is no 
threat. Approximately 70% of all checked bags are cleared at Level 1 
(Shanks and Bradley, 2004, pp. 10—11). 

Bags not cleared at Level | are sent to Level 2 where they are inspected by an 
automated EDS technology. Another 5% are cleared at this level and proceed to 
the aircraft. Suspect bags are sent to Level 3. Level 3 consists of another inspec- 
tion by EDS using CT (the same systems certified by the TSA in the United 
States) and a human operator interpretation or a check using ETD or quadrupole 
resonance technology. Another 2% of bags are cleared at this level (Shanks and 
Bradley, 2004). 

Level 4 consists of reconciling the bag with the passenger or removing it from 
the inspection area to be remotely detonated (Shanks and Bradley, 2004). This 
raises the question of whether a suspect bag should be moved. The argument for 
moving a bag that may possibly have an IED is that most IEDs smuggled through 
the checked-baggage process are triggered by barometric pressure, a timing 
device, or a radio frequency trigger. They are not set off by motion, as the 
bomber would probably not be able to arm the device and then hand it to a ticket 
agent without the bomb detonating. The argument against moving the bag is that 
the IED may be so unstable, regardless of the triggering mechanism that it may 
detonate. Whether the bag is moved or not is a decision for law enforcement 
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responding to the incident and is based on the totality of the circumstances and 
internal department practices. 

A Level 5 inspection occurs on about one or two bags in 50 million (Shanks 
and Bradley, 2004). A bag reaches Level 5 classification when the passenger can- 
not be found or refuses to open the bag. At this point, either the area is evacuated 
or the bag is moved via a mobile blast containment system where it is then 
inspected further or destroyed. Because the United States requires all bags to be 
checked by EDS using CT, international airports using the five-tier system but 
conducting flights to the United States can meet the TSA’s EDS screening stan- 
dards by turning off (or bypassing) their Level | and Level 2 systems, which 
allows the bags to go immediately to the Level 3 EDS machines (provided they 
are TSA certified) (Shanks and Bradley, 2004). 

The use of canines in explosive detection is highly effective. However, it takes 
a large number of dogs to scan hundreds of bags for explosives. According to the 
canine explosive detection trainers at Israel’s Ashdod seaport, it takes three dogs 
to maintain continuous detection capabilities, but this is on a much smaller scale 
than at a large commercial service US airport. Each dog works a 20-minute shift, 
and then that dog rests for 40 minutes while another begins its work. Canines 
must also be exercised and they must have housing and play areas and facilities 
for trainers to store clothing, training equipment, and dog food. Canines are best 
used in specific circumstances such as random patrols in terminal or cargo areas 
or to search bags and aircraft. ETD technology and physical searches of checked 
baggage are effective strategies, but they are impractical on a large scale. ETD 
inspection of checked baggage was implemented at many US airports that could 
not meet the 100% EDS deadline (Dec. 31, 2002) as a stopgap measure until 
EDS technology could be deployed—this process was very slow and created long 
lines in ticketing areas. 

In the United States, the Aviation and Transportation Security Act (ATSA 
2001) mandated that all checked bags would be screened using EDS technology 
certified by the TSA. At the time ATSA 2001 was passed, only two companies— 
InVision’s 9000DSi and L3’s eXaminer—produced EDS machines, making their 
availability to the US airport community extremely limited. By Dec. 31, 2002, 
the deadline for all US airports to have full EDS screening equipment implemen- 
ted, only a few airports were able to meet the deadline. The deadline was 
extended by | year, and the TSA decided that a combined use of K-9, ETD, and 
the process of positive passenger/baggage matching could substitute for EDS until 
the airports were fully EDS equipped. 

An important lesson for airport and aircraft security coordinators can be 
learned regarding security mandates. Shortly after 9/11, the US government prom- 
ised to help airports pay for the 1200 plus EDS machines that it now required at 
airports. However, by 2006, the government had reimbursed about eight airports 
(out of 429) for EDS upgrades, and additional reimbursements have been slow. 
The lesson to US airports and the aviation industry is that additional federal 
requirements are not likely to be funded or, if so, not funded long term. It is 
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important for aviation security practitioners to consider that each operator 
(airport, airline, etc.) will have to account for additional security expenses and not 
rely on federal funding. 

There are essentially six options for checked-baggage screening in the United 
States. The options are fully integrated EDS, inline EDS, ticket counter mounted, 
simple inline, stand-alone EDS, stand-alone ETD, and high-speed fully integrated 
inline. Each option is dependent on the configuration of the airport and its overall 
size. Approved alternatives included canine screening, physical inspections of 
baggage, and positive passenger/baggage matching (Government Accountability 
Office (GAO), 2006). EDS is TSA’s preferred method. Most screening systems 
installed after 9/11 were either EDS or ETD, hastily put into airport lobbies as 
stopgap measures to meet federal deadlines. Airports continue to construct inline 
systems to recover needed lobby space and improve the speed and efficiency of 
baggage movement and screening. Airport system requirements depend on the 
throughput rate (the number of bags being processed hourly), available space, and 
available funds. Inline systems are preferred over lobby screening options, as they 
improve efficiencies, increase throughput volume, and open terminal space in the 
lobby areas. Airport operators must consider the layout of their terminal facilities 
when deciding which form of checked-baggage screening to incorporate. A fully 
integrated inline EDS is the fastest and most effective. However, inline EDS 
machines are costly, normally require the purchase of many scanning units, and 
require remodeling of bag sorting areas to accommodate the larger operation and 
additional personnel. 

At some airports, it is not feasible to install an inline EDS because of financial 
or physical layout restrictions. Large inline systems work better at large commer- 
cial service airports with ample bag sorting facilities. Smaller airports may elect 
to place stand-alone EDS machines in their lobby areas or install a ticket counter 
EDS operation. The smallest commercial service airports may go with an all-ETD 
checked-baggage search process, located in the lobby of the terminal. 

At the smallest level of checked-baggage screening (without using alternative 
procedures such as canine, bag matching, or physical inspection), airports usually 
implement stand-alone ETD inspection stations located in the lobby of the termi- 
nal building (Fig. 7.3). Stand-alone ETD machines are the most labor intensive 
and require several ETD stations and additional personnel to handle the desired 
baggage throughput. A 2006 GAO report showed that ETD machines could 
screen an average of 36 bags per hour, whereas even the lowest performing EDS 
machines can screen at an average rate of 120—180 bags in the same time. 
Despite the efficiencies of inline, many small commercial service airports do not 
have bag sorting facilities large enough to use inline EDS machines. 

Stand-alone lobby EDS machines consist of single machines placed in an air- 
port lobby area near the ticket counters. When a passenger completes checking in 
a bag, it is moved to a screener staffing the EDS machine. The screener then 
places the bag through the EDS and into the baggage system. Many airports ini- 
tially went with this option to meet the ATSA 2001 deadline, as it does not 
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FIGURE 7.3 
Stand-alone ETD system. 








FIGURE 7.4 


Ticket counter—mounted EDS station. 


require substantial modifications to the airport, as inline systems do. Airports 
with limited-sized baggage sorting areas or limited funds continue to use this 
method. A ticket counter—mounted system consists of EDS machines placed at 
airline check-in ticket counters (Fig. 7.4). When an airline representative accepts 
a bag, it immediately goes into an EDS machine. If the bag is cleared, it proceeds 
to the baggage sorting room where it is directed to the appropriate flight. If the 
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bag requires further inspection, it will be routed to a screener (out of public 
view), who then conducts a secondary inspection. These systems are best used for 
airports with low baggage volumes. They may also be used for self-service 
check-in, curbside check-in, or international recheck-in areas. 

The advantage of stand-alone or ticket counter—mounted systems is that bags 
that may have suspect items can be immediately reconciled as the passenger is 
often still in the vicinity. However, these systems can consume up to 20% of the 
existing check-in area (Shanks and Bradley, 2004, p. 9), creating both inconve- 
nience to passengers and increased congestion in public areas. 

For larger airports with higher throughput rates and more available facilities, 
an inline EDS is considered the most effective and efficient form of baggage 
screening. Inline EDS machines are integrated with the airport’s baggage system 
and are able to scan a bag quickly, and the system either selects the bag for addi- 
tional screening or sends it off to the aircraft (Figs. 7.5 and 7.6). Inline systems 
are the quickest method and the least labor intensive as the software does much 
of the scanning and threat interpretation. Inline systems can process up to 40% 
more bags in the same time as a stand-alone EDS. Fully integrated EDS machines 
feature control rooms where images can be scrutinized, bags can be physically 
inspected, and bags reintegrated back into the baggage sorting system once they 
are cleared. 





FIGURE 7.5 
Simple inline EDS setup. 
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FIGURE 7.6 


Fully integrated inline baggage screening system. 





Baggage throughput for an EDS depends on the type of machine used. Lower 
EDS rates average 80 bags per hour, whereas faster machines average 180 bags 
per hour. The TSA is working on future systems that have a throughput rate of up 
to 900 bags per hour. Baggage throughput is also affected by the amount of over- 
size bags that are put into the system. This is a particular problem for airports 
located near tourist facilities (golfing, skiing, etc.), and depending on the 
geographic location of the airport, anywhere from 5% to 20% of total checked 
baggage could be oversized (Shanks and Bradley, 2004, p. 53). 


BUILDING A CHECKED-BAGGAGE EDS SCREENING 


There are numerous factors to consider when designing a checked-baggage EDS 
screening. These factors include the size of the airport, the number of enplane- 
ments, integration with the airline’s existing baggage handling system, costs, 
available space, and power supply. Fully integrated inline checked-baggage 
screening begins with a bag placed into the system at the ticket counter. If the 
EDS machine detects a potential threat item, the bag is sent to the TSA’s threat 
resolution room (TRR). In the TRR, TSA personnel analyze the image from the 
EDS machine and decide to either clear the bag and reintegrate it (through a con- 
veyor belt) back to the aircraft or conduct additional inspections of the bag 
including the use of ETD, canine, or physical inspection. If the bag is cleared, it 
is reintegrated into the airline baggage sorting system. If the bag cannot be 
cleared, inspection personnel and law enforcement move the bag or evacuate to 
the TRR and attempt to detonate or remove the device. Evacuation of the TRR is 
a significant step and may mean baggage missing a flight; in an extreme instance, 


Eee 
323 


324 CHAPTER 7 The screening process 


the airport may have to close down all checked-baggage screening until the poten- 
tial threats are mitigated. 

The installation of an inline EDS includes the purchase of the equipment, the 
addition and integration of miles of conveyor belts into the existing airline bag- 
gage system, and the addition of a TRR (and break rooms, locker rooms, 
restrooms, parts storage, and administrative areas for inspection personnel). Some 
airports have elected to elevate their EDS machines to better integrate with the 
existing system. By elevating the EDS machines, airport operators can take 
advantage of existing space (eg, above the current airline baggage sorting sys- 
tem). This strategy is referred to as a build-up rather than a build-out. 

Another key factor in designing the inline system is ensuring that bags 
selected for additional scrutiny are not accidentally mixed back in with bags that 
have been cleared. Many airports use barcode tags with laser readers. However, 
the most accurate baggage identification system is radio frequency identification 
(RFID) (Shanks and Bradley, 2004). RFID misread rates are in the 10ths of a per- 
cent, whereas laser/barcode systems have misread rates in the 10s of a percent. 
Additionally, RFID uses economical read stations, which enable multiple verifica- 
tions along the conveyor route. This feature increases reliability and reduces the 
likelihood of a suspect bag being routed in with cleared baggage (Shanks and 
Bradley, 2004). 

Airport operators must determine the required layout for a fully integrated, 
100% checked-baggage EDS. The first step in this process considers the airport’s 
current total throughput of bags per hour and the peak throughput of bags per 
hour. From these computations, the total number of EDS machines needed and 
the space required can be determined. If growth is projected, airport operators 
may want to use projected bag throughput to design the system to meet future 
demands. 

Before 9/11, most existing outbound baggage systems were straight-line con- 
veyors running directly from the ticket counters to the baggage makeup areas 
(where bags are sorted). Because airlines generally lease both ticket counter and 
baggage makeup areas and because any inline system is likely to affect these 
areas, airport operators may have to modify existing airline leases to account for 
the additional space required for security (and thus less available space for the 
airline or tenant). 

One method of improving throughput rates and integrating into an existing 
system is to keep baggage conveyor routes as straight as possible or with curves 
that have a 6-ft centerline and a 12°—18° slope (Shanks and Bradley, 2004) to 
better facilitate the movement of oversized bags. As an example of some of 
these concerns, design criteria used at Jacksonville International Airport (JIA) 
in Florida were based on accommodating 8 million passengers. The machine 
count (10 EDS machines based on 8 million enplanements) established through- 
put at less than 300 bags per hour at JIA. JIA integrated several previously sepa- 
rate airline baggage handling systems and increased throughput to 500 bags per 
hour. Throughput is reduced at certain times because of bag jams and machine 
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fault resets (Shanks and Bradley, 2004). In addition, 5% of JIA’s baggage is 
made up of golf clubs, so the inline system was slightly overbuilt to handle golf 
bags. This improved throughput rates because employees did not have to physi- 
cally move golf clubs along with other oversized bags (Shanks and Bradley, 
2004). Contingency planning for failure of the checked-baggage system should 
consider having an extra inline conveyor/EDS machine to use as a backup or 
“hot standby” (ie, if you need six machines to fulfill the throughput rate, buy 
seven). Another option is to reduce the workload on the main systems (Shanks 
and Bradley, 2004). 

Failure of an EDS machine is usually the result of poor maintenance or a fail- 
ure of the conveyor system rather than of the EDS machine itself. As opposed to 
EDS, when an airport uses ETD machines for checked-baggage screening, gener- 
ally downtime is less than it is for EDS machines, as ETDs are solid-state and 
normally only require the replacement of consumables.* 


CHECKED-BAGGAGE SCREENING APPROVED ALTERNATIVES 


Canine search and physical inspection are alternatives to the EDS/ETD systems. 
However, each carries inefficiencies when used as a sole screening mechanism. 
Positive passenger/baggage matching (ie, matching checked baggage with pas- 
sengers on the flight) does not prevent suicide bombings and is no longer used 
in the United States for domestic flights. Also, this process creates operational 
inefficiencies for airlines, because when a bag is found not to have a matching 
passenger on board, the airlines often take a delay while baggage handlers go 
digging through the cargo hold for the unmatched bag (which usually results in 
the airline taking a risk and not bothering to even look for the bag). The use of 
canines requires extra floor space to spread out the baggage for inspection, and 
we have already mentioned how many dogs are required to conduct such 
inspections. 

Physical inspection requires screening personnel to open each bag and inspect 
the contents. This is time consuming and potentially dangerous, should a bomb be 
accidentally triggered during inspection. The likelihood of detecting an IED is 
related to the skills of the individual screener to find secreted devices. 
Additionally, a physical inspection may miss hidden explosives such as C-4 
formed into a sheet and sewn into the lining of the bag. Physical inspection is 
usually used in a secondary process, when a bag has already been identified as 
suspect by other means (EDS, ETD, canine, etc.). Good judgment must be applied 
when deciding whether to inspect a bag physically or to call an explosives ordi- 
nance disposal team to handle the suspect item. 





“Items such as oils, paint, adhesives, and cleaning materials that are consumed during their use. 
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CASE STUDY 


Inline EDS installed after 9/11 at Boston Logan International Airport. 
[This case study is based on work presented by Shanks and Bradley (2004) and knowledge 
also relayed by M. Freadman (personal communication, April 25, 2005).] 


Logan International Airport, located in Boston, MA, is the largest airport in the New England 
area. Logan handles more than 1.3 million passengers per year and has five passenger terminals, 
each with its own ticketing, baggage claim, and ground transportation facilities. Nearly 30,000 
flights are conducted out of Logan each year. Logan was also the launch point for two of the 
hijacked flights on 9/11. 

Logan met the ATSA 2001 mandate of 100% hold baggage screening by Dec. 31, 2002. 

The undertaking required the coordination of Massport,° personnel at Logan International Airport, 
the TSA, and L-3 Communications, the selected provider of the EDS machine. Many other 
individuals assisted in making sure the mandate was completed successfully and on time. These 
stakeholders included management and line personnel, union contractors, construction workers, 
and the airport’s airlines and tenants. Logan moves more than 5000 bags per hour at peak times. 
The installation of the baggage screening system could not interrupt service to the airlines, 
passenger flow, or sacrifice baggage screening throughput. EDS equipment was placed at several 
locations throughout the facility, requiring the expansion of 9 of its existing 16 luggage rooms 
and 7 major building additions. 

The L-3 Communications’ eXaminer 3DX 6000 was the selected EDS machine because of its 
certified detecting capability, throughput capability, low false alarm rates, ease of use, and size. 
The eXaminer 3DX 6000 also has a smaller footprint, allowing units to be placed in the lobby if 
necessary. L-3 engineers designed a new conveyor system that addressed baggage flow issues and 
met the TSA’s goal of clearing 95% of baggage within 10 minutes of meeting an EDS machine. 
The system included routing for three levels of screening. At Level 1, the eXaminer 3DX 6000 
screens each bag for explosives then either clears it or rejects it and sends it to Level 2 screening. 
Level 2 screening follows for rejected bags. If cleared at Level 2, then baggage is placed back 
into the system. Rejected baggage is then searched by ETD or physical inspection. Note that these 
levels are distinctly different from the international model of five levels. The international Level 3 
check—EDS—s actually the Level 1 check in the US system. 

The initial installation of EDS machines at Logan included 30 integrated eXaminer units at 
Level 1 and operator workstations at Level 2. The eXaminer clears nearly 85% of all baggage at 
Level 1, with any images from noncleared bags being transmitted from the EDS machine to 


operator workstations. Installation occurred mostly at night when the airlines were at lower 
passenger flows or idle. Electricians converted Logan’s power environment to a clean and 


uninterrupted power supply while L-3 technicians worked continuously to ensure the systems 
were installed correctly and operated properly. As systems went online, TSA screeners began 
testing and training on the machines. With all entities working in concert, Logan was able to meet 
the ASTA 2001 mandate of 100% checked-baggage screening by Dec. 31, 2002—one of the very 
few airports that met the deadline. 





SCREENING AVIATION EMPLOYEES 


One of the most controversial issues in aviation security is the screening of avia- 
tion employees in the same manner that passengers are screened. Throughout the 
history of aviation security, airport and airline workers have been involved in 





>Massport, the Massachusetts Port Authority, is the governing authority for Logan International 
Airport. 
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numerous security incidents, yet many airport workers remain able to access the 
security areas of an airport, and even aircraft, without undergoing the same 
screening process as passengers. Some of these cases included the following 
attacks: 


1. Libyan Airline employees placing the bomb that brought down 
Pan Am Flight 103. 

2. The shooting of the flight crew on PSA Flight 1771 by an employee of 
USAir. 

3. The attempted takeover of FedEx Flight 175 by a second officer. 

4. The hijacking of TWA Flight 847, where catering personnel planted guns and 
grenades in the aircraft lavatory for later use by the hijackers. 

5. The bombing of a Russian airliner departing Egypt in 2015 was also linked to 
possible insider threats. 

6. Two airline baggage handlers at a large, commercial service airport in the 
United States, who were discovered engaging in the illegal transportation of 
guns on commercial flights. They used their employee badges to access the 
airfield, carrying bags filled with weapons, and placing them directly on 
commercial flights in the checked baggage hold—effectively bypassing the 
checked-bag screening process. 


Despite these and other cases, there are still serious concerns regarding the 
value of screening employees in the same way passengers are screened. 
Stimulating this debate was an incident that took place shortly after 9/11. In this 
incident, the FBI arrested three food workers with security identification display 
area (SIDA) access at the Detroit Metropolitan Airport in Michigan on suspicion of 
plotting terrorist activities. These individuals possessed airport diagrams and phony 
immigration documents and may have been planning a terrorist attack or conduct- 
ing surveillance to learn more about airport operational and security protocols. In 
February 2010 an airport shuttle bus driver pleaded guilty to three terrorism 
charges after he was accused of conspiring to detonate an explosive in the New 
York City subway system. In 2007, an individual who may have been employed by 
Evergreen Airlines was one of the men convicted in a failed plot to bomb JFK air- 
port in New York. In 2011, a former British Airways employee was arrested in 
England on terror-related charges after prosecutors say he plotted with Anwar 
al-Awlaki in 2010 to carry out both cyber and physical attacks against British 
Airlines passengers, including potentially bringing down a trans-Atlantic flight. 

The issue of employee screening is primarily concerned with the ability of an 
aviation employee with SIDA access to bypass routinely the majority of the avia- 
tion security processes. Depending on the level of access a particular aviation 
employee has, he or she may be able to bypass all of the security measures, right 
up until he or she accesses the flight deck of an aircraft. This level of access is 
necessary for pilots, mechanics, crew members, and others, but the debate con- 
tinues about whether these individuals should be subjected to the same level of 
scrutiny as passengers. 
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Currently, passenger screening checkpoints are designed based on the 
demands of a certain number of passenger embarkments plus airport personnel 
who do not having SIDA access and therefore must use passenger checkpoints to 
gain access to their worksite. To require all aviation personnel to go through the 
passenger screening checkpoints would require significant increases in space, 
equipment, and personnel. Some airports in the United States employ more than 
40,000 workers (at a single airport) who possess access/ID badges that allow 
them to enter secured areas. Requiring all of these individuals to use passenger 
checkpoints as they are currently designed and staffed would cause undue delay 
for both passengers and employees. However, the idea of employee screening 
continues to gain popularity because of its use at many foreign airports and a pub- 
lic and political outcry that the lack of employee screening represents a signifi- 
cant gap in the aviation security system. It should be noted that foreign airports 
feature physical design characteristics to reduce the number of individuals who 
have access to aircraft. 

Rather than have all current aviation personnel begin using the passenger 
checkpoints, an alternative strategy is to construct employee screening check- 
points with X-ray machines and magnetometers. Many airport workers already 
use an access gate or door to get from parking areas to their worksites within 
secured areas, so checkpoint facilities could be installed at these locations, 
depending on available adjacent space. Even if the physical facilities were 
expanded, airports would be required to purchase millions of dollars’ worth of 
additional X-ray and magnetometer equipment to use at these checkpoints, and 
the TSA would have to hire more personnel to staff these locations. A few air- 
ports in the United States, notably Miami and Orlando international airports in 
Florida, have initiated their own employee screening, employing their own private 
contractors to conduct the screening at airport access gates and other locations. 

If the screening of airport employees is eventually required by law or, more 
likely, a Security Directive, airport operators could be given the responsibility to 
conduct the screening function of airport and airline employees, which would then 
shift the financial obligation from the TSA to the airport operator, leaving the air- 
port operator to hire screening personnel and ensure they are trained and certified 
to TSA standards. Notwithstanding the startup costs to implement such programs, 
yearly operational costs have ranged up to $8 million at some large-hub airports— 
costs that the airport operator would have to absorb. Otherwise, if the TSA is given 
the responsibility, it would require the hiring of tens of thousands more TSOs, 
which is unlikely due to public pressure to temper TSA’s expansion. 

An additional challenge to employee screening is that many employees require 
the use of tools and other items that are considered prohibited if brought through 
the screening checkpoint. This raises the question, why screen someone for a 
knife or hammer when the person needs the item for the job? The intent of 
employee screening should focus on ensuring that explosives or guns are not 
being brought into secure areas, with less focus on tools and knives. Individuals 
required to be in possession of such items should be registered with the airport 
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operator and required to maintain control of those items at all times while in 
secured areas. 

When discussing employee screening, generally issues are raised that lead to a 
distinction between the terms screening and inspection. ATSA 2001 called for the 
TSA to develop systems to screen all employees. So far, the aviation industry has 
met this condition by requiring that all personnel with SIDA access undergo a crimi- 
nal history record check (CHRC) before being allowed unescorted access. There are 
several loopholes within this type of screening program, such as the lack of a require- 
ment for employees to undergo additional CHRCs in the future (once passed, 
employees are not required to go through the check again, but the TSA says they do 
random periodic checks of personnel who have already undergone the process). 

Currently, it is the responsibility of an employee to advise the issuer of his or 
her access/ID badge if he or she has been convicted of a disqualifying offense 
used in CHRCs—that is, if the offense occurs after he or she has already been 
issued an access/ID badge. If an aviation employee is found guilty of a disqualify- 
ing offense, and considering that all disqualifying offenses are felonies, it is likely 
that he or she will be serving prison time and will not be available for work. 

An additional problem with existing regulations is that they do not address 
individuals who may have been found guilty of a crime not listed as a disqualify- 
ing offense. These individuals may still work, but they remain a security risk. 
Each airport operator can address these offenses within its airport security pro- 
gram and create additional restrictions on the requirements to receive an airport 
access/ID badge. 

There continues to be a trend within the TSA to move forward with additional 
employee screening requirements, focused on using physical inspection processes. 
Since 9/11, the TSA has required airport operators to reduce the number of 
employees with SIDA access to the minimum number possible and the TSA con- 
ducts random security inspections at employee access points using magnet- 
ometers, X-ray machines, or physical inspections such as pat-down searches and 
bag dumps. The TSA also requires that security threat assessments be conducted 
on all SIDA access/ID applicants and that all SIDA access/ID applicants are 
checked against the no-fly and selectee lists. 

Another option to 100% employee screening is the implementation of 
employee inspections. Employee inspections are not as thorough as a body- 
imaging device, but these inspections do deter criminal and terrorist activities. 
Employee inspection programs generally consist of: 


1. contracted security personnel; 

2. stationary and roving inspection stations; 

3. established rules for what airport workers can carry into the Secured Area 
(since many personnel require tools to do their job, but that are also on the 
TSA prohibited items list related to passenger screening); 

4. training for security personnel in the inspection process of both personnel and 
their belongings; 
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5. training in spotting suspicious individuals, elements of IEDs, illegal weapons 
and in some cases, illegal narcotics; 

6. an inspection process that uses visual inspection of the employee (removing 
coats that could hide a device or gun), hand-held metal detectors, and visual 
inspection of personal belongings; 

7. law enforcement notification plan if a prohibited item is discovered. 


The TSA has piloted several programs at some airports to enhance employee 
security. These programs have included suspicious awareness training for employ- 
ees, using biometric-based identification credentials and random screening of 
employees in the security areas. Employee awareness training about violence in 
the workplace is a good alternative as it is likely that an employee intending to 
cause harm, whether they are a terrorist or unstable individual or criminal, will 
exhibit unusual behaviors or preincident indicators. Employees should be trained 
to watch for these behaviors and should have a method for reporting such suspi- 
cious activity to their supervisors or airport security. 


SPECIAL ISSUES IN SCREENING 
CANINE 


The National Explosives Detection Canine Team Program originated in 1972. A 
canine was first used for screening in 1972 for a flight from New York to Los 
Angeles that returned to the gate after receiving a bomb threat. After evacuating 
the passengers, a bomb-sniffing dog was brought onboard. The dog discovered an 
explosive device just 12 minutes before it was set to detonate (TSA, 2006). 
Shortly thereafter, the FAA Explosives Detection Canine Team Program was cre- 
ated. The program has operated continuously, with dogs and handlers providing 
an essential layer of the aviation security system. 

The initial purpose of the FAA Explosives Detection Canine Team Program 
was to provide certified canine teams at select airports so that aircraft receiving 
bomb threats could quickly divert to one of these airports. The program started 
with 40 canine teams at 20 airports. Another 47 teams and 7 more airports were 
added in 1987, and by 1996, virtually all Category X airports and many 
Category I airports hosted canine explosive detection teams. Today, canine teams 
are used in greater capacities than just inspecting aircraft. Canine teams are 
actively involved in patrolling the airport’s public areas, particularly the ticket 
counters where passengers are checking in their bags, in cargo areas, and at the 
screening checkpoints. Canine teams are also effective deterrents for would-be 
criminals or terrorists. With all existing technology, a canine’s sense of smell is 
still the most reliable method of detecting an explosive! 

Canine teams are also part of the airport’s emergency response plan to address 
unattended and suspicious items. A canine can often detect the presence of an 


Special Issues in Screening 


explosive device within a bag without physically examining the bag. This helps 
bomb squad members to better assess the potential for an IED. Dogs can quickly 
exclude the presence of explosives in aircraft, at the airport, or in vehicles, thus 
allowing a quick return to service and minimal disruption of commercial activity. 
Canine teams are also highly versatile and are able to adapt to new environments 
with little to no additional training. In 2005, when the TSA conducted pilot pro- 
grams using dogs to search air cargo break bulk, containers, and airline ground 
support equipment for explosives, the GAO issued the following report: Overall, 
the data suggest that even without prior training, the canine teams performed rea- 
sonably well, illustrating the ability of the teams to adapt to new and different 
environments and tasks. According to TSA officials, the results of both phases of 
the pilot program demonstrated that canines offer promising alternatives to 
inspecting air cargo (GAO, 2005, p. 80). 

The TSA Canine Program trains and certifies dogs and handlers at Lackland 
Air Force Base in Texas. Traditionally, handlers were local city or county law 
enforcement officers (LEOs) based at commercial service airports, but in the late 
2000s the TSA initiated their own civilian canine explosive detection program, 
sending hundreds of TSA non-LEO personnel through the training and deploying 
them to airports in the United States. Dogs are acquired and trained by the TSA, 
then a handler is assigned and the dog and handler train together. The handler 
generally remains the handler until either the dog retires or until the handler 
retires or takes a new assignment. 

Once a handler and dog are paired up as a team, the TSA provides the initial 
training and certification, plus partial funding for the handler’s salary and care and 
feeding of the dog, along with veterinary and other costs associated with the dog 
once the team returns to the home airport. Dogs are trained using B. F. Skinner’s 
operant conditioning reward-based system whereby the dog receives a reward for 
every success. Dogs are taught to identify the fundamental components of explo- 
sive material and then indicate to his or her handler that an odor has been detected. 
The dog is then given a reward, along with physical and verbal praise from the han- 
dler. The association of detecting an explosive odor and being rewarded is repeated 
hundreds of times until the dogs “learn the game.” 

The dogs are usually Labrador Retrievers, German Shepherds, Belgian 
Malinois, or Vizsla. They must meet higher standards than those used for other 
types of service dogs (Price, 1995). Once the handler and dog are teamed up, the 
TSA puts the team through a 10-week course on how to locate and identify dan- 
gerous materials using search techniques unique to aircraft, baggage, vehicles, 
and airports. 

Human handlers also must undergo a rigorous military style of training before 
selecting their dogs; it is just as important to have an effective handler as it is to 
have an effective dog. Once teamed up, handlers and dogs spend nearly every 
moment together. During the detection process, the handler must totally concen- 
trate on the dog, watching for any changes in behavior that may indicate the dog 
smelled something questionable. The dog is also sensing the handler’s actions. 
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This intense concentration is a trademark of the bomb dog teams. Handlers must 
“read” the dog or they could inadvertently pull the dog off an odor (Price, 1995). 

To this day, dogs are considered the gold standard of the explosive detection 
industry. Although some manufacturers of ETD technology claim to have pro- 
ducts that are as good as a dog’s sense of smell, there have been no significant 
studies to support such claims. The sensitivity of a dog’s nose is virtually unri- 
valed. Another benefit is that dogs are highly portable and can quickly search 
large areas. In 1995, during a recertification test, a bomb dog team at Denver 
International Airport cleared the west end of the B Concourse (about a half mile 
in length) in just over | hour and 15 minutes and found all eight test explosives. 

The canine programs have been one of the most consistently successful explo- 
sive detection programs in the history of aviation security. Airport operators 
should place the addition of more canine teams at their airports as one of their 
highest funding priorities. 

Another method of screening passengers that is being developed by the TSA 
is passenger screening canines, which are dogs that are specially trained to detect 
explosive vapors coming off a general area and able to track the vapor back to its 
source, or close to it. This allows TSOs to conduct additional screening of a par- 
ticular individual or group. Dogs also have the benefit of being passenger-friendly 
and provide an element of randomness to the security process. 


OPT-OUT: THE SCREENING PARTNERSHIP PROGRAM 


With the passage of the ATSA of 2001, Congress mandated that five airports 
would continue to use privately contracted screeners but under federal direction 
and under federal acquisition. The program was initially a pilot program, but is 
now in effect and is known as Opt-Out or the Screening Partnership Program 
(SPP). By 2012, the number of opt-out airports reached 17, however, the program 
remains controversial. In 2011, the TSA attempted to reject any further airport 
opt-out applications unless the airport could prove that the private screeners could 
provide a security advantage over TSA personnel, a virtually impossible task. In 
2012, Congress, a long-time supporter of opt-out in general, reversed the burden 
of proof forcing the TSA to approve opt-out applications unless they could prove 
that the private screeners would provide a lesser level of security than TSA— 
again, a nearly impossible task. The TSA’s own studies on the SPP found that 
screening at SPP airports costs approximately 17.4% more to operate than at air- 
ports with federal screeners, and that SPP airports fell within the “average per- 
former” category for the performance measures included in its analysis. Other 
studies have put the costs at 9—17% higher than at non-SPP airports, and private 
screeners performed at a level that was equal to or greater than that of federal 
TSOs. A 2009 GAO report that essentially studied the results of the TSA study 





©The human nose contains 5 million scent receptor nerves, whereas a dog’s nose contains 
225 million. 
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and another study conducted by an independent contractor concluded that some 
of the increased costs resulted from redundancies between TSA and contractor 
personnel at the SPP airports (GAO, 2010). 

Before 9/11, airlines subcontracted screening to private companies. The 
United States mandated in 1973 that aircraft operators were responsible for 
the screening and inspection of its passengers and their carry-on baggage. 
The aforementioned ineffectiveness of these private companies has greatly 
affected the SPP. 

When ATSA 2001 was passed, it called for a pilot program to study the effec- 
tiveness of private companies conducting passenger and baggage screening and 
inspection, a model used throughout the world. In this evaluation, the US federal 
government contracted private companies and held them to the same performance 
and training standards as federal screeners. 

Five airports were selected for the pilot program, with each airport represent- 
ing different levels of commercial service: San Francisco International Airport, 
CA (Category X); Kansas City International Airport, KS (Category I); Greater 
Rochester International Airport, Monroe, NY (Category II); Tupelo Regional 
Airport, MI (Category III); and Jackson Hole Airport, WY (Category IV). All of 
the airports with the exception of Jackson Hole were provided with contract 
screeners who worked for a private company that had won a bid from the TSA to 
provide such services. The Jackson Hole airport was allowed to use its own air- 
port employees as screeners but still had to meet federally mandated performance 
and training standards. 

Before 9/11, employees of contracting screening companies were paid poorly 
and met only minimal qualifications. These companies had sought to keep 
expenses to a minimum to maximize profit from their airline contracts. With the 
backing of minimum hiring, training, and performance standards through legisla- 
tion, the post-9/11 private companies have been more successful at increasing 
their standards for screening. After 5 years, some of the private screening compa- 
nies were reporting workers’ compensation rates of lower than 5%, as compared 
to the 20% or more workers’ compensation rates of the federal workforce. In 
addition, some of the private screening companies were reporting fewer security 
breaches, fewer customer service complaints, and, in some cases, were able to 
provide the same level of service with 20% less personnel than similar federally 
staffed facilities. Contributing to the lower costs was that the private companies 
made effective use of part-time personnel, whereas the federal workforce was not 
set up to use such an advantage. The federal government has recently allowed 
part-time personnel. 

Subsequent GAO studies have not identified a significant difference in the 
breaches or number of prohibited items identified between TSA and the private 
companies. It is reasonable to conclude that if the private companies were not 
achieving equal to or better detection rates than TSA personnel, the TSA would 
be telling this to Congress as a way to eliminate the contract program 
altogether. 
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In the 2004 study, private screeners exceeded the federal workforce in most 
every other measurable area (customer service, lower workers’ compensation 
rates, lower staffing, etc.). This level of performance was not lost on the aviation 
industry. Because of this evaluation, any US airport was allowed to apply to the 
SPP, effectively opting-out of using a federally provided screening workforce. 
However, there was another significant barrier to airports switching to private 
screeners—liability. There is wide speculation in the industry as to why the SPP 
had not caught on at first. Many airport operators perceive that the airport will 
place itself at higher risk in terms of public perception if the airport chooses to 
opt-out, whereas with federal screeners, if there is a security breach, the airport 
operator can always point out that screening is not an airport (nor an airline oper- 
ator) function. However, the number of opt-out airports eventually did rise and 
the debate continues within the industry and the halls of Congress. 

With ATSA 2001, the opt-out process called for the airport operator to initiate 
the decision to opt-out of the federal workforce. That is the only control the air- 
port has over the process. Once an airport decides to opt-out, the federal govern- 
ment issues a request for proposal to qualified parties that want to provide the 
private screening service. The federal government makes the selection, negotiates 
the contract, then signs the contract, and acts as the contract manger. Although 
the airport operator may be consulted on which screening company it desires to 
employ, the decision is ultimately up to the federal government. Once in place, 
the federal government continues to provide operational oversight over the con- 
tract and the private screening workforce. 

As mentioned, the federal government is responsible for selecting the contrac- 
tor, signing the agreement, and maintaining operational oversight for any airport 
deciding to opt-out. Despite these responsibilities by the federal government, the 
airport is still exposed to risk should a security incident occur resulting from 
actions taken by the subcontracting screening provider. The federal government 
several times at various industry conferences and through personal communica- 
tions sought to assure airport operators that they were not liable for risks associ- 
ated with using subcontracted screening providers. Regardless of this 
consultation, many airport operators were advised by their legal counsel that the 
airport could be exposed to lawsuits if such an incident occurred and it could be 
proven in a court of law that if the airport had not made the decision to opt-out 
that the incident may not have occurred. 

In 2005, the US Congress addressed the concerns of airport operators regard- 
ing liability when using subcontracted screening services. The government passed 
the Support Antiterrorism by Fostering Effective Technologies Act of 2002, also 
known as the Safety Act. The Safety Act (see www.safetyact.gov) provided a 
method whereby private companies supplying homeland security technology 
(including screening services) could apply for liability protection. The Safety Act 
sets minimal insurance limits for companies providing antiterrorism technologies 
and services. The Safety Act also ensures that the company will only be liable for 
its insured amount if the company is sued because of a terrorist act. 
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Another advantage of the Safety Act is that any airport or aircraft operator 
that subcontracts a company that has Safety Act coverage is also, by extension, 
covered from related liability. In 2006, numerous companies applied for and 
began receiving Safety Act liability coverage. 

One challenge still facing opt-out proponents and the companies that employ 
private screeners is reluctance by airport operators to take on any additional 
responsibility that already belongs to the federal government. Although federal 
screeners do not work as well as the private screeners in the previously mentioned 
areas, the anecdotal opinion of many airport operators is that the performance of 
the TSA is adequate. Although this qualification has not been officially evaluated, 
some conclusions can be drawn from the fact that only one airport has elected to 
opt-out since the option became available. Presently, it seems that airport opera- 
tors do not perceive the performance of federal screeners as poor enough to 
employ opt-out subcontractors and thereby incur additional liability. 

Although airport operators are presently reluctant to switch to private screen- 
ers, the US Congress took action attempting to sway airports to seek the SPP. In 
2005, Congress looked at legislation sponsored by Senator John Mica and 
Congressman Dan Lundgren that, in its original form, would have rewarded air- 
port operators with federal capital improvement funds if an airport could demon- 
strate cost reductions in its screening operation. Private screening companies can 
provide the same level of service as the federal workforce, but with a 20% smal- 
ler staff and with 15% fewer workers’ compensation claims. In this regard, the 
airport operator could potentially realize a significant cost savings by seeking the 
opt-out. Under the legislation proposed by Mica and Lundgren, the airport using 
opt-out would then be eligible for a percentage of the savings to be returned to 
the airport as a federal grant. Although the bill never made it to a final vote, it 
does show a continuing trend in the US Congress to move away from using the 
federal workforce for airport screening purposes. The 2010 GAO study concluded 
that many airports would consider opting out if they could select the private 
screening contractor that would be awarded the passenger and baggage screening 
contract at their respective airports and share in any cost savings resulting from 
their participation in the program (GAO, 2010). Further, the reason many airports 
stated they had not applied to opt-out is (1) the airport was satisfied with TSA 
screening services, (2) screening is a federal government responsibility, and 
(3) the SPP does not allow airports to have managerial control (GAO, 2010). 


REGISTERED TRAVELER 


ASTA 2001 created another pilot program designed to help frequent travelers to 
move through the system more efficiently. Originally, the program was called 
Trusted Traveler, but the name was quickly changed to Registered Traveler (RT), 
as the TSA did not want to give the impression that individuals were trusted and 
thus not subjected to all of the levels of screening and inspection as other 
travelers. 
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The initial concept for RT was that low-risk passengers could submit to a 
background check process. After passing the background check, the applicant for 
RT status would be issued biometrically encoded identification allowing for a 
more expeditious path through the screening process. Once he or she has cleared 
the CHRC process, the applicant for RT status will have a biometric identification 
card created by a qualified RT provider. The traveler would then have the ability 
to use a designated line for RT passengers at airport screening checkpoints. The 
checkpoint, while not subjecting RT participants to any lesser level of security, 
would be designated solely for RTs. The advantage to an RT program participant 
is that he or she will be in line with other RT participants, who are most likely 
business travelers familiar with the security process and can move through the 
line quickly. Additionally, RT participants would have their own security line and 
not have to stand in line with hundreds of others. This potentially allows RT par- 
ticipants the flexibility to arrive later at the airport. With the switch to risk-based 
screening, this philosophy has changed. The RT program is now known by its 
industry provider, CLEAR and is primarily a front-of-the-line pass. The TSA has 
started to use the term RT or Trusted Traveler to refer to its risk-based screening 
programs, such as PreCheck. 


AIRCRAFT CHARTER SCREENING 


Under CFR Part 1544.101, aircraft operators conducting private charter operations 
with aircraft having a maximum certificated takeoff weight greater than 
45,500 kg (100,309.3 pounds) or with a passenger seating configuration of 61 or 
more must ensure that all passengers and accessible baggage are screened (using 
metal detection devices and X-ray equipment) before boarding the aircraft. This 
tule applies to aircraft operators regardless of the nature of the airport used. 
Therefore, it applies to private charter operators working out of commercial ser- 
vice and general aviation airports. Most private charters conducted under this rule 
are commercial airline Part 121 operators. These operators can take advantage of 
normal commercial service SSCPs. In some cases, where the private charter oper- 
ation is conducted either from the general aviation area of a commercial service 
airport or from a general aviation airport itself, the aircraft operator must provide 
for the necessary equipment and trained and certified screening staff. The TSA 
has a modular training program whereby non-TSA screeners who have been 
trained and certified by the TSA through the TSA-approved Basic Screener 
Training Course are allowed to perform this screening. 


SCREENING CONDUCTED BY THE DOMESTIC OR FOREIGN 
AIRCRAFT OPERATOR 


In some cases, the aircraft operator, particularly at airports that have infrequent 
commercial service, may conduct screening. In such cases, CFR Part 1544 


Conclusions 


Subpart E is used to ensure that airline employees and the equipment used for 
screening are certified by the TSA to perform inspection operations. In addition, 
in the case of foreign aircraft operators conducting screening outside the United 
States for flights departing for US airports, the aircraft operator must meet TSA 
screening standards as related to passenger, carry-on, checked, and cargo screen- 
ing. If a foreign operator does not meet these requirements, then the passengers 
on the flight will have to be screened by TSA-certified personnel and equipment 
before being allowed into sterile areas and before baggage and cargo are trans- 
ferred to other domestic flights. 


CONCLUSIONS 


The screening of passengers and their carry-on bags has been the most visible airport 
security measure since its inception in the late 1960s. Screening is also one of the 
most important layers in the aviation security system. When performed effectively, 
with the proper equipment and personnel, screening can deter two of the most com- 
mon forms of attack on aviation—airline bombings and airline hijackings. 

When screening requirements were first established, the US government 
placed the responsibility for conducting the screening on the airlines, with the 
FAA providing regulatory oversight of the airline screening programs. The main 
objective of screening was to ensure that passengers were prevented or deterred 
from bringing prohibited items, such as guns and explosives, through screening 
checkpoints and into sterile areas of an airport and onto commercial aircraft. 

Over the years, regulatory oversight became scarce, personnel attrition at the 
private screening companies that had been subcontracted by the airlines to con- 
duct the actual screening function reached 100% annually in some areas, and 
technologies did not keep up with emerging threats. Although several pieces of 
legislation required tighter screening oversight, little was done to improve the sys- 
tem before 9/11. 

After 9/11, the TSA took over the screening responsibility from the airlines 
and subsequently found itself regulating its own activities. Manufacturers began 
providing better equipment to detect weapons and explosives, along with expand- 
ing their research and development programs to meet existing threats and counter 
emerging threats. Additionally, for the first time in the history of US aviation 
security, checked baggage was required to be inspected. Cargo and aviation 
employee screening programs were also mandated. 

Screening is a term with broad applications and definitions. Screening can 
consist of verifying a passenger’s identity and boarding pass information to pas- 
sive and active forms of profiling. Screening is also a term used interchangeably 
in the TSA with the term inspection, which infers the actual physical inspection 
of an individual, package, bag, or other cargo, through the use of metal detectors, 
explosive detection equipment, pat-downs, or other approved methods. Research 
and development efforts continue to generate better methods of detecting 
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prohibited items, yet one of the best detecting “technologies” continues to be one 
that has been in use since 1972—canine explosive detection teams. The post-9/11 
changes have also brought cargo screening to the forefront, along with new indus- 
try issues such as the SPP, the RT Program, and the integrity of foreign aircraft 
operator screening programs. 





KNOW WHERE YOU CAME FROM, IN ORDER TO KNOW WHERE YOU 
ARE GOING 


Ilana Brodesky 


Former security officer for the Israeli Aviation Authority in New York 


Preventing terrorist attacks on air travel, demands flexibility and the constant reassessment of 
threats. It also demands well-trained security personnel who know how to do so, as terrorists are 
adaptive, and design their plots as they find a window of opportunity. The key ingredient is to make 
security less predictable while still implementing the necessary security measures. The first El Al 
Flight 426 hijacking in 1968, following other hijackings around the world, resulted in implementing 
magnetometers at security checkpoints to keep guns off planes. After the Pan Am Flight 103 
bombing over Lockerbie, Scotland, in 1988, people were required to fly with their luggage. 
Following the 9/11 events, blades were banned onboard. The attempt to blowup American Airlines 
Flight 63 from Paris to Miami, led to the introduction of passenger footwear scanning. The list of 
events is long, and each event has an important role in today’s security procedures. 

Looking at the airport security system that we have today, each measure has a reason—and 
each one provides some security value. The importance of having trained security personnel to 
acknowledge the past and learn the history of aviation events, as “rules were written in blood,” 
may prevent the next terror plot. For example, the case of American Airlines Flight 63 that led to 
passenger footwear scanning. Why this event led to this security measurement, and how well 
security personnel know about this incident, so this kind of event will not happen again? 

On Dec. 22, 2001, al-Qaeda member Richard Reid, also known as the “Shoe Bomber,” 
attempted to ignite pentaerythritol tetranitrate (PETN)’ that was hidden in the sole of his shoe in 
his unsuccessful attempt to blow up American Airlines Flight 63 from Paris to Miami. Aided by 
passengers, the flight attendants overpowered and subdued Reid and the flight was diverted to 
Logan International Airport in Boston, MA. As a result of this event, passengers are required to 
take off their shoes at security points so they can be scanned. Scanners cannot detect PETN in 
shoes, and a chemical test is needed. However, a chemical test cannot be performed on each pair 
of shoes. As PETN is difficult to detect because it does not readily vaporize into the surrounding 
air,” the expertise of the security personnel comes to play a key role. Even though the X-ray 
scanners cannot detect all explosives, it is an effective way to see if the shoe has been altered to 
hold a bomb.” But most importantly, we need to make sure the security personnel know what they 
are looking for. 
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References 


If we will take Israel as an example, Israeli aviation security personnel put in place several 
layers of security in Ben Gurion airport in Tel Aviv. The meaning and importance of placing 
several layers of security is that an attacker who escapes notice at one level of security would 
likely be captured by another. Another Israeli security procedure relies on not just screening of 
luggage or shoes but also on interviewing of passengers. Israeli citizens understand the existence 
of a common enemy, which allows security personnel more leverage, while requires the Israeli air 
traveler to tolerate necessary inconveniences. None or very little of this style of security is 
implemented in the United States. 

Looking at the Israeli security methods makes many wonder, should and can the United States 
adopt the “Israeli way” of airport security? This issue is debatable. In the United States, the 
notion of “free society” and “the land of the free” makes it impossible for most Americans to 
accept the drastic changes in security, especially in aviation security. Since the devastating events 
of September 11, the public needs to understand that if we are to continue enjoy living in a free 
society, some security measures have to be implemented. But for now, if we may put all the 


politically correctness aside, the security personnel should be the first to accept, and most 
importantly to understand security measures. The importance of training security personnel while 
focusing on past events, can and will be more helpful to prevent the next terror plot, as we have 
to know where we came from, in order to know where we are going. 
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Commercial aviation aircraft 
operator security 


OBJECTIVES 


This chapter explains the roles of aircraft operators and the federal government in 
aircraft operator security. We discuss the issues airlines must address in their 
security programs, including crewmember safety and security training. We intro- 
duce you to the requirements and approval processes of the full and partial air- 
craft operator security programs. Characteristics that differentiate special security 
programs, such as the private charter and 12-5 security programs, are provided. 
We investigate the functions and responsibilities related to stakeholders, such as 
flight crewmembers, aircraft operator security coordinators (AOSCs), ground 
security coordinators (GSCs), and in-flight security coordinators (ISCs). Salient to 
these discussions is an introduction to the psychology of confrontation that may 
be encountered in aviation. The chapter concludes with generalized comparisons 
of security requirements for foreign air carriers to those of domestic air carriers. 


INTRODUCTION 


Aircraft operations offer unique challenges to security. The necessity of the airlines 
to move across national borders, carrying millions of passengers every year and 
billions of tons of cargo and baggage, creates the opportunity for significant secu- 
rity loopholes. This vast scope creates many security challenges to airline operators 
in terms of processes and regulatory enforcement. Communication lines are critical, 
particularly when transmitting security directives and threat information from 
airline headquarters’ offices to hundreds of airline stations across the world. 

This large span of control makes airline security operations different from air- 
port security management in a number of ways. When a security incident occurs 
at an airport, the airport security coordinator (ASC) can go to the location in a 
matter of minutes and see the circumstances firsthand. Those involved in the inci- 
dent can be interviewed directly, and the ASC can address the problem person- 
ally. When there is a problem at an airline station far away from the airline’s 
security manager’s office, the security manager must fly to the location involved, 
often not arriving for hours or, in some cases, days after the event. Airline secu- 
rity managers at the corporate level are geographically farther away from the 
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personnel actually implementing and carrying out day-to-day security measures. 
With potentially dozens of security incidents occurring daily, flying to the loca- 
tion of each is impractical and, in most cases, impossible. 


AIRLINE SECURITY: HISTORICAL CONTEXT 


Airlines first embraced a formalized role of security management in the early 
1970s in response to numerous hijackings. During this time, some airlines volun- 
tarily implemented passenger and carry-on baggage screening, while others 
remained opposed. While hijackings in the United States were certainly inconve- 
nient and often scary for the passengers involved, they were rarely, up until 1973, 
deadly. In 1973, three armed men hijacked a Southern Airways aircraft and 
demanded money. While the airline tried to find the money, the hijackers were 
steadily drinking the alcohol supplied on board, and eventually ended up threaten- 
ing to crash the aircraft into a nuclear reactor in Oak Ridge, TN (Mueller and 
Stewart, 2016, p. 137). 

By 1973, screening was mandatory and regulated for all air carriers, a role that 
continued during the 1970s— 1990s. In 1988, in response to the bombing of Pan Am 
Flight 103 (Lockerbie, Scotland), positive passenger/baggage matching (PPBM) 
became a regulatory responsibility of US airlines conducting international flight 
operations, but not domestic US operations. In 1996, in response to a ValuJet crash, 
the carriage of hazardous materials also brought cargo security to the forefront of 
aviation security, but screening of air cargo was still conducted via the Known 
Shipper program, not by physically screening the package. Also in 1996, the crash 
of TWA Flight 800 and subsequent legislation added limited screening of checked 
baggage to air carrier security responsibilities but under limited circumstances. 

Throughout the 1980s and 1990s, those conducting screening were required to 
meet few federal standards and had minimum training requirements. With airlines 
operating as businesses, security was a loss prevention (ie, expense) line item 
rather than a revenue-generating function. As with any business seeking to mini- 
mize expenses and maximize profits, funding the contract screener workforce was 
often at the bottom of funding priorities. The screening workforce reflected this 
lack of focus and, before 9/11, was fraught with turnover and performance 
problems. In some areas, the screener turnover rate exceeded 100% per year, 
causing gaps in security as positions were left unfilled. Screeners were typically 
lured away from the stress and monotony of the poorly paid and boring job to 
higher paying positions often at airport fast-food outlets. 

Companies such as Argenbright, the nation’s largest provider of contract 
screening personnel in the United States before 9/11, provided contracted 
screening services for numerous overseas air carriers and airports. This training 
required security personnel to be held to a much higher standard than their US 
counterparts—highly trained in security profiling and questioning techniques in 


Aircraft Operator Standard Security Program 


addition to their screening responsibilities. The lower performance of US screen- 
ers was more a result of the low expectations from US aviation security regula- 
tions rather than the performance of US screening companies. Internationally, 
screening has traditionally been viewed a great deal more seriously than in the 
US Terrorist attacks on commercial aviation continued in foreign countries at a 
rate high enough to warrant continued vigilance and a continuing series of 
improvements to the security system. 

In a 1989 report on Federal Aviation Administration (FAA) security programs, 
the General Accounting Office (GAO, 1987) stated that the quality of screener 
training varied widely among the airlines and that aircraft operators had different 
approaches for carrying out procedures, such as additional questioning of passen- 
gers, profile application, and detection of plastic explosives, thus creating few con- 
sistencies in procedures or policies. The FAA did not evaluate formal aircraft 
operator security training at high-risk foreign airports. In 1996 and 2000, the US 
government addressed minimum security standards for screeners—however, these 
regulations had not been completed by 9/11. The Aviation and Transportation 
Security Act of 2001 (ATSA 2001) transferred responsibility for screening to the 
federal government and reduced, but did not eliminate, the air carrier security role. 

In 1996, the Gore Commission concluded that aviation security was a federal 
responsibility. The Air Transport Association, now known as Airlines for 
America (A4A), an organization representing the airline industry, quickly agreed. 
In 2001, Congress decided that screening and in-flight air marshal functions were 
federal responsibilities.’ 

Airline security focuses on protecting the aircraft, its passengers, and crew. To 
that end, air carrier security managers focus on a variety of aspects, not just 
terrorism. Airline security is similar to security functions that might be found at 
any major corporation (eg, background checks, loss prevention, and employee 
safety). From the perspective of protecting corporate assets and personnel, airline 
security officers conduct their own inspections of airports that their aircraft use to 
verify that the airports serviced meet minimum security standards. No airline 
manager wants to lose an airplane because of a bombing or hijacking. Such 
events usually result in the loss of life, the loss of public confidence in the airline 
attacked, and the loss of corporate assets, but as with any other business venture, 
airlines must always balance how much time, energy, and effort is spent on secu- 
rity, with other areas such as safety and managing aircraft operations. 


AIRCRAFT OPERATOR STANDARD SECURITY PROGRAM 


Airlines use security standards set forth in the Aircraft Operator Standard 
Security Program (AOSSP). The AOSSP describes how an aircraft operator must 
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manage a security program to be approved for US commercial aircraft operations. 
Unlike the airport security program (ASP), which is unique to each airport, the 
AOSSP is a standard document applicable to all airlines. Each airline then creates 
its own internal security procedures that specify how it will comply with the 
requirements of the AOSSP. The Transportation Security Administration (TSA) 
compliance inspectors (often called Principle Security Inspectors—a title which is 
a throwback to the pre-9/11 days) enforce and provide oversight for the security 
programs. Specific policies and procedures of the AOSSP are classified as 
security sensitive information (SSI), so this section will only cover generalities 
regarding the AOSSP. 

Before 9/11, the majority of information in the AOSSP focused on passenger 
and carry-on baggage screening. Although the revisions to the AOSSP still 
include those processes, they only apply where the TSA does not perform screen- 
ing. The airline is still responsible to ensure that its passengers and baggage have 
been screened before allowing them onto the aircraft. However, the responsibility 
of actually conducting the screening usually falls under the control of the TSA or 
foreign airport screening personnel, or approved contractors. Other areas of the 
AOSSP focus on the common strategy, which addresses how an airline should 
handle hijackings, bomb threats, and bomb discovery procedures. The common 
strategy also addresses special flight procedures related to security and procedures 
against other threats to commercial aviation. 


TITLE 49 CFR PART 1544—AIRCRAFT OPERATOR SECURITY: 
AIR CARRIERS AND COMMERCIAL OPERATORS 


Before the passage of ATSA 2001, aircraft operator security was described under 
Federal Aviation Regulation Part 108. ATSA 2001 transferred Part 108 to Part 
1544. Title 49 CFR Part 1544 generally addresses commercial flight operations. 
However, any aircraft operator may request to be regulated under Part 1544. This 
section addresses the requirements of aircraft operators as related to the airline’s 
security program; screening of passengers, baggage, and cargo; the use of law 
enforcement personnel including the carriage of armed law enforcement officers 
(LEOs) on an aircraft; criminal history record checks (CHRCs); flight deck privi- 
leges; the Known Shipper program; and threat and response contingencies. Much 
of Part 1544 is similar in content and scope to Part 1542, particularly the areas 
that CHRCs, personnel identification systems, the security program amendment 
process, law enforcement response, and exclusive area agreement processes. 


APPLICABILITY OF THE REGULATIONS 


Title 49 CFR Part 1544 applies to any aircraft operator with an operating cer- 
tificate issued by the FAA under CFR Part 119 Certification: Air Carriers and 


Title 49 CFR Part 1544—Aircraft Operator Security 


Commercial Operators. Part 119 specifies the requirements an aircraft operator 
must adhere to in order to conduct commercial operations in the United States. 
Specifically, Part 1544 applies to scheduled passenger operations, public char- 
ter passenger operations, private charter passenger operations, and the opera- 
tions of aircraft operators holding operating certificates under Part 119 and 
operating aircraft with a maximum certificated take-off weight of 12,500 Ibs or 
more. However, in June 2004, the TSA issued a “technical change” to the 
Twelve-Five Standard Security Program (TFSSP) that excludes aircraft weigh- 
ing 12,500 lbs or less from participating in the TFSSP. Subpart A also provides 
the TSA with the inspection authority and the rights to conduct tests and copy 
records of the aircraft operator to establish compliance with Part 1544. 


SUBPART B: SECURITY PROGRAM 


This section covers the security program format, amendment, and approval 
process and addresses the seven aircraft operator security programs: Full 
Program, Partial Program, and Twelve-Five Program (12-5 or TFSSP), Private 
Charter Program, Full All Cargo Program, and Limited Program. In October 
2008, the TSA issued a Notice of Proposed Rulemaking, which would add the 
Large Aircraft Security Program (LASP) affecting private aircraft operators in air- 
craft above 12,500 lbs, however, over 10,000 comments were received, most of 
them against the program, and the TSA went back to the drawing board. In 2012, 
the TSA expected the newly revised LASP to be available for review in 2013, but 
it was not, and as of spring 2016, the program’s status is still unknown. 

Each security program necessitates a set of requirements based on the 
threat presented by the aircraft type in terms of passenger capacity and weight. 
This section also addresses the format of an aircraft operator security program 
and the amendment process. The type of aircraft operator will generally deter- 
mine the type of aircraft operator security program required. Scheduled passen- 
ger or public charter operators operating aircraft with a passenger seating 
configuration that allows 61 or more seats and scheduled passenger or public 
charter passenger operations with an aircraft with 60 or fewer seats when 
passengers are enplaned from or deplaned into a sterile area are required to 
have a full security program. 

Aircraft operators using aircraft with a passenger seating configuration of 
31—60 seats not enplaning or deplaning from a sterile area or aircraft operators 
with passenger seating configurations of fewer than 60 seats but operating inter- 
nationally (to, from, or outside the United States and as a registered US air car- 
rier) adhere to partial security program requirements. Aircraft with a maximum 
gross take-off weight that exceeds 12,500 lbs (per TSA “technical change,” used 
in scheduled or charter service, carrying passengers or cargo or both, and not 
already under a full or partial program must adhere to the 12-5 program. Aircraft 
with a take-off weight in excess of 45,500 kg (100,309.3 lbs) with a passenger 
seating configuration exceeding 61 seats or any aircraft enplaning from or 
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deplaning into a sterile area while conducting a private charter operation must 
adhere to the private charter program. 

The Private Charter Standard Security Program (PCSSP) is primarily for com- 
mercial airline operators who offer their aircraft for private charter. Typical custo- 
mers are sports teams or entertainers. Part 121 and Part 135 operators, using their 
aircraft in private charter operations with a maximum certificated take-off weight 
greater than 45,500 kg (100,309.3 Ibs), or with a passenger seating configuration 
of 6l or more, must ensure that all passengers and accessible baggage are 
screened prior to boarding the aircraft. Checked bags are not required to be 
screened since usually all of the passengers on a chartered flight know one 
another and assume that no one will attempt to blow up the plane by smuggling a 
bomb into the hold. 

The PCSSP must be followed, even at general aviation airports, and can be 
used for commercial service or noncommercial, airline-type aircraft. The PCSSP 
requires aircraft operators to ensure all passengers and accessible baggage are 
screened prior to boarding the aircraft. To comply with this requirement, the private 
charter rule allows “non-TSA” screeners who have completed TSA-approved 
private charter screener training to perform the screening. TSA screeners who have 
completed the TSA-approved basic screener training course may also perform 
screening at TSA checkpoints for private charter operations (Price, 2008). 

Additionally, these operators must have a security program that establishes the 
required security components for private charter operations. The program must 
include use of metal detection devices, X-ray systems, security coordinators, law 
enforcement personnel, accessible weapons, CHRCs, training for security coordi- 
nators and crewmembers, training for individuals with security-related duties, 
training and procedures for bomb or air piracy threats, security directives, and all 
of Subpart E of 49 CFR Part 1544 concerning screener qualifications when the 
aircraft operator performs screening (pp. 24—25). 

Aircraft operators conducting Full all-cargo operations where the aircraft’s 
maximum certificated take-off weight exceeds 45,500 kg (100,309.3 Ibs) carrying 
cargo and authorized personnel but no passengers operate under the Full all-cargo 
program. The full security program requires commercial service aircraft operators 
to comply with the regulations listed in Table 8.1. Limited Security Programs 
may also be approved when requested by a commercial aircraft operator other 
than one who fits the aforementioned categories. 

Although each security program contains a variety of requirements, it is best 
to remember that the TSA may add requirements if the TSA administrator feels 
that additional requirements are necessary to address heightened security 
concerns. The requirements for screener performance and training are also cov- 
ered (Subpart E of Part 1544) within the full security program. These require- 
ments only apply when the personnel employed by the aircraft operator or a 
private screening company (not TSA personnel) are used. Table 8.2 displays the 
measures called for by each security program. 
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Table 8.1 Full Security Program Requirements 


Full Security Program Requirement Regulation 
Ensure individuals and carry-on baggage are screened 1544.201 
Ensure checked baggage is properly screened 1544.203 
Screen cargo 1544.205 
Ensure that the TSA, the aircraft operator itself in lieu of the TSA, or a 1544.207 
foreign government has conducted screening of accessible property, 

checked baggage, and cargo 

Use approved metal detection devices to screen persons 1544.209 
Use an approved X-ray system to screen carry-on and checked 1544.211 
baggage where applicable 

Use an approved explosive detection system to screen checked 1544.213 
baggage on international flights 

Designate a security coordinator, known as the AOSC; duties of the 1544.215 
AOSC are similar to those of the ASC; also addresses GSCs and ISCs 

Provide for LEO support to respond to security issues onboard a flight 1544.217 
or at a screening checkpoint 

Ensure that processes for the carriage of accessible weapons for federal 1544.219 
LEOs and state and local police officers and sheriff personnel are 

adhered to 

Carry prisoners 1544.221 
Transport federal air marshals 1544.223 
Prevent unauthorized access to exclusive areas and aircraft 1544.225 
Carry out the provisions of any exclusive area agreements the operator 1544.227 
has entered into 

Conduct a security threat assessment on individuals with access to 1544.228 
cargo 

Conduct CHRCs on all aircraft operator personnel with access to 1544.229 
checked baggage and cargo and any personnel with unescorted access 

authority 

Conduct CHRCs on flight crewmembers 1544.230 
Use airport-approved and exclusive area—approved personnel 1544.231 
identification systems 

Provide security training for GSCs and flight crewmembers 1544.233 
Provide security training for other employees with security-related duties 1544.235 











such as security identification display area (SIDA) training for ramp 
workers, airline administrative personnel, and others who are not 
required to be a GSC or ISC 





Restrict access to the flight deck to only those the air carrier has 1544.237 
specifically authorized in its TSA-approved security program 

Comply with the requirements of the Known Shipper program as related 1544.239 
to the acceptance of cargo 

Have and implement contingency plans when directed by the TSA and 1544.301 
participate in airport-sponsored emergency exercises 

Evaluate threats and have plans to handle bomb and air piracy threats 1544.303 
Comply with security directives and receive information circulars 1544.305 





Table 8.2 Aircraft Operator Security Program Requirements (per CFR Part 1544 or 1550) 


Security Program 


Requirements 


Screen individuals and 
carry-on bags (1544.201) 


Apply security measures 
to prevent or deter the 
carriage of any 
unauthorized persons, 
any unauthorized 
weapons, explosives, 
incendiaries, and other 
destructive devices, items, 
or substances (202) 


Prevent explosives and 
incendiaries, and screen 
checked baggage; control 
screened bags (208) 


Screen cargo (205) 


Full Security 
Program (1544) 


Scheduled 
passenger or public 
charter +61 
seatsOrScheduled 
passenger or public 
charter when 
enplane or deplane 
into a sterile area 


Yes 


N/A (applies to full all- 
cargo or 12-5 all-cargo 
only) 


Yes (and apply Known 


Shipper program (239)) 


Partial Security Program 
(1544) 


Private Charter 
Security Program 
(1544) 


Type of Aircraft Operation 


Scheduled passenger or 
public charter with 30-60 
seats that do NOT enplane or 
deplane from a sterile area Or 
Scheduled passenger or 
public charter <60 seats flying 
to, from or outside the United 
States, that do NOT enplane 
or deplane into a sterile area 


No (unless specified/approved by 
TSA) 


N/A (applies to full all-cargo or 
12-5 all-cargo only) 





Private Charter 
above 100,309 Ibs 
(45,500 kg) or +61 
passenger seats 
(regardless of 
enplaning or 
deplaning into a 
sterile area) 


Yes 


N/A (applies to full all- 
cargo or 12-5 all- 
cargo only) 





Full All-Cargo 
Security Program 
(1544) 


Aircraft operators 
above 100,309 Ibs 
(45,500 kg) engaged 
in the carriage of air 
cargo operating 
aircraft configured 
for all-cargo 
operations 


12-5 Security Program 
(1544 and 1550) 


Any aircraft in 
scheduled operations, 
or public or private 
charter carrying 
passengers, cargo, or 
both weighing more 
than 12,500 Ibs. 
Maximum Gross Take- 
off Weight 


No”? (unless, required 
under Part 1550.5(b) or 
1550.7(b)) 


Yes 


No 


Yes 


Ensure that TSA (where 
they conduct screening), 
the aircraft operator, or a 
foreign government 
(where appropriate) has 
conducted screening of 
persons, Carry-ons, 
checked baggage, and 
cargo (207) 


Use metal detectors to 
screen persons (209) 


Use TSA-approved X-ray 
systems for checked 
baggage (211) 


Use explosive detection 
system for checked 
baggage (213) 


Designate a Security 
Coordinator (215) 


Provide for LEO support 
217) 


Allow carriage of 
accessible weapons for 
LEOs under certain 
conditions (219) 





Carry prisoners (221) 
Transport FAMs (223) 


Prevent unauthorized 
access to Exclusive Area 
and aircraft (225) 


Conduct security 
inspection of a/c before 
placing in PSSG 
operations (225) 


Yes—if required by 
TSA as an amendment 





Yes 


No Yes 


Yes Yes 
Yes Yes 
Yes Yes 


Yes 


Yes 


Yes 


Yes 


No 


No 


No 


No 


Yes 


Yes 


< 


es 


Yes, under 1550.5(b), 
1550.7(b) 


(Continued) 


Table 8.2 Aircraft Operator Security Program Requirements (per CFR Part 1544 or 1550) Continued 


Security Program 


Carry out provisions of Exclusive Area 
Agreement (227) 


Conduct a Security Threat Assessment 
for personnel with access to air cargo 
(228) 


Conduct a search of the a/c before 
departure (1550.7(b)) 


CHRC’s for those with unescorted 
access, screeners, and those with 
access to checked baggage or 
cargo (229) 


CHRC of flight crewmembers (230) 


Carry out an airport-approved ID system 
if in an exclusive area (231) 


Training for Security Coordinator and 
crewmembers (233) 





Training for individuals with security 
duties (235) 


Restrict Access to Flight Deck (237) 


Full Security 
Program (1544) 


Yes 


Yes (CHRC may 
also be required if 
personnel also 


have SIDA access) 





Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Partial Security 
Program (1544) 


No 


Yes 


Private Charter 
Security Program 
(1544) 


No 


No 


Yes (if flight is not 
already covered by 


Full or Partial 
Security Program) 





Yes 


Yes 


Full All-Cargo 
Security Program 
(1544) 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


12-5 Security 
Program 
(1544 and 1550) 


No 


No 


Yes (if flight is not 
already covered 
by Full or Partial 
Security Program) 


No 


Yes 


No 


No 


Yes 


Yes (if door 
installed) 


Known Shipper Program (239)° No 

Contingency Plans (301) Yes 

Bomb and air piracy threat procedures Yes 

(303) 

Comply with and protect security of SDs Yes 

and ICs (305) 

Approved screeners and screening No, unless TSA No, unless TSA 

program (Subpart E) has approved a has approved a 
request request 





This matrix is for training and educational purposes only. Each aircraft operator is responsible for contacting their TSA representative to get a list of requirements for their particular program. 

Unless required by TSA: 

1. Except where there is a security program under 1544 or 1546 in place, CFR Part 1550.5(b) Procedures, notes that any person conducting an operation using a sterile area must conduct a 
search of the aircraft before departure and must screen passengers, crewmembers, and other individuals and their accessible property (carry-on items) before boarding in accordance with 
security procedures approved by TSA. 

2. Except where there is a security program under 1544 or 1546 in place, CFR Part 1550.7(b) Procedures, notes that any person conducting an operation above 12,500 lbs must conduct a 
search of the aircraft before departure and screen passengers, crewmembers, and other persons and their accessible property (carry-on items) before boarding in accordance with security 
procedures approved by TSA. 

38. The Known Shipper program applies aircraft operators operating under a full program under §1544.101(a) and to each aircraft operator with a TSA security program approved for transfer of 
cargo to an aircraft operator with a full program or a foreign air carrier. 
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AIRCRAFT OPERATOR SECURITY PROGRAMS 


Each aircraft operator must have an approved security program describing the 
facilities and equipment under its control and the specific security responsibilities. 
This includes geographic boundaries of exclusive areas, equipment used to screen 
passengers, carry-on baggage, checked baggage and cargo, and other factors. 
Security programs are approved and amended in the same manner as those for 
airport operators. 

An initial security program for a new aircraft operator must be submitted for 
approval at least 90 days before start of passenger operations. The TSA then has 
30 days to approve or give the aircraft operator written notice to modify the pro- 
gram. The aircraft operator can then either comply with the request to modify the 
program or appeal to the TSA administrator within 30 days of receiving the request. 
Amendments to existing security programs requested by the aircraft operator must 
be filed with the TSA at least 45 days before the effective date of the change. If 
the TSA denies a proposed amendment, the aircraft operator has 30 days to appeal 
the decision to the TSA administrator. Amendments to a security program 
requested by the TSA provide for 30 days advance notice to an aircraft operator.” 

The TSA may issue an emergency amendment with which an aircraft operator 
must immediately comply. The aircraft operator may appeal the conditions of the 
emergency amendment but must comply with the conditions during the appeal. 
Emergency amendments are usually used with foreign air carriers as they are not 
allowed to receive sensitive security information (security directives issued to 
domestic airport operators and air carriers are always classified SSI). 


AIRCRAFT OPERATOR SECURITY OPERATIONS AND SCREENING 
RESPONSIBILITIES 


Subpart C of Title 49 CFR Part 1544 Operations details the day-to-day require- 
ments for aircraft operators. It includes sections on personnel identification systems, 
personal and property screening, law enforcement personnel, exclusive areas, flight 
deck privileges, and the Known Shipper program (related to air cargo). Many of 
the requirements reviewed in this section can be met by other entities, such as the 
TSA (screening) and airport management (law enforcement support). 

Either the TSA or an authorized private screening firm within the United 
States generally conducts screening. Nevertheless, it is the regulatory responsibil- 
ity of the aircraft operator to ensure that it uses measures to prevent or deter the 
carriage of any weapon, explosive, or incendiary device on a person or carry-on 





?The TSA largely conducts the screening of individuals, carry-on baggage, checked baggage, and 
cargo in the United States. However, it is still the responsibility of the aircraft operator not to let 
any individual, bag, or cargo item onboard its aircraft unless the proper screening process has been 
conducted. 

“This regulation applies when the TSA does not manage screening and the airport operator does 
not meet LEO requirements as prescribed in CFR Part 1542.215. 
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baggage before the person or bag boards an aircraft or enters a sterile area. The 
aircraft operator has little involvement with physical screening when the TSA or 
an authorized US-owned company conducts screening. When a US air carrier is 
operating in another nation or at certain small air carrier stations within the 
United States, the aircraft operator must still ensure that all applicable measures 
are taken to properly screen individuals and carry-on baggage. Aircraft operators 
are obliged to deny transportation to anyone who refuses to submit to screening. 

All-cargo aircraft operators who carry passengers (called supernumeraries) 
must ensure that only authorized passengers and their carry-on baggage are 
allowed to board and that they do not bring any weapons, explosives, incendiar- 
ies, or other destructive devices, items, or substances onboard. Although all-cargo 
operators primarily carry cargo, there are occasions when they carry passengers, 
airline employees, animal handlers, hazardous materials supervisors, and those 
needed to accompany the carriage of human organs. 

Aircraft operators under a full security program, an all-cargo program, or a 12-5 
program must ensure that cargo placed within the holds of their aircraft are properly 
screened and inspected to prevent or deter the carriage of unauthorized persons, 
unauthorized explosives, incendiaries, and other destructive substances or items in 
cargo onboard an aircraft. Aircraft operators are obliged to maintain the integrity of 
any cargo from the time it is accepted until it is delivered to a proper entity. 
Operators must ensure that unauthorized explosives, incendiaries, and other destruc- 
tive substances are not introduced to the cargo container, and they must refuse to 
transport any cargo that has not been subjected to the proper screening protocols. 
Further, cargo may only be accepted from a shipper with a security program, such 
as an indirect air carrier, similar to the aircraft operator’s security program. 

The TSA distinguishes between the terms screened and inspected. Screened 
means some form of vetting that is not necessarily a physical inspection (ie, the 
Known Shipper program), and inspected means a physical inspection of a parcel 
by explosive trace detection (ETD), K-9, or other approved means. The regulation 
requires that parcels be screened and inspected. It is up to the TSA and the 
aircraft operator to determine what measures an aircraft operator must undertake 
to be in compliance with this section.* 

Subpart E of Title 49 CFR Part 1544 addresses screener qualifications when 
the aircraft operator performs the screening. Aircraft operators/screeners must 
meet similar qualifications as TSA screening personnel. They must also complete 
at least 40 hours of classroom instruction, pass a screener readiness test, complete 
60 hours of on-the-job training and testing, and pass an on-the-job exam before 
they are allowed to conduct screening independently. Screeners cannot conduct 
screening duties while under an impairment such as illegal drugs, sleep depriva- 
tion, medication, or alcohol. 





*As of January 2007, the US Congress has been assessing whether to require the physical 
inspection of all cargo that is carried by a commercial aircraft through the use of explosive 
detection system (EDS), ETD, K-9, or some other approved method. 
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AIRLINE SECURITY COORDINATORS 


Each aircraft operator must appoint an AOSC who is the primary point of contact 
to the TSA. This position is similar to the ASC in terms of responsibilities, but 
the AOSC’s span of control is much larger. AOSCs must manage security 
programs for operations with dozens of remote locations across the United States 
and, for larger airlines, the world. The AOSC receives and disseminates security 
directives and information circulars and works with the ASCs at each airport to 
ensure compliance with security regulations and procedures. The AOSC also 
audits the hub and station security programs to ensure uniformity with the airline 
program for passenger, baggage, and cargo operations. At large airlines, the 
primary AOSC is often assisted by other security managers at the airlines’ major 
hubs. Airline station managers are responsible for the operation of an airline at 
each hub or station and assume certain security responsibilities, which vary from 
airline to airline. 

The AOSC oversees the airline’s security program and works with the TSA to 
ensure compliance with the program and the regulations. AOSCs may also work 
with the US Secret Service and the Department of State for the transport of digni- 
taries and with any other government agencies such as the Drug Enforcement 
Agency (DEA) and the Federal Bureau of Investigation (FBI). 

Each flight has a GSC responsible for the security of that flight. GSCs must 
review all security-related functions for which the aircraft operator is responsible, 
including the AOSSP and applicable security directives. GSCs correct each 
instance of noncompliance as determined by the TSA. At foreign airports where 
the government or a contractor provides security, the GSC must notify the TSA 
for assistance in resolving noncompliance problems. 

The GSC can be a distinct job (more common at large airlines) or a collateral 
duty for a gate agent or cargo agent at low-cost and smaller airlines. GSCs are 
trained in many areas including the transportation of hazardous materials and the 
identification of prohibited weapons and explosives and in bomb threat and 
hijacking management procedures. Their primary responsibilities are to resolve 
security-related conflicts between gate agents and passengers, liaison with the 
airport operator during security incidents, intervene in disruptive passenger situa- 
tions, oversee baggage- and cargo-handling acceptance procedures, and act as the 
primary contact for the airline in a security incident until relieved by a higher 
authority. 

GSCs are required to make a pilot-in-command (PIC) aware of any security 
issues related to a flight, and they often work with a PIC on security problems 
(eg, a passenger leaving bullets on an aircraft that are subsequently found during 
a cabin search). It may seem as though the TSA would intervene in such a situa- 
tion. However, more than 600 million passengers travel every year. The average 
rate of prohibited items identified by screeners is about 80%, meaning that 20% 
of prohibited items get through screening. Sometimes passengers do not realize 
they still have prohibited items until after boarding a plane. Not wanting to be 
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caught, nor wanting to confess, they leave the item somewhere in secured areas 
or onboard the aircraft. Because of the relatively large frequency of these cases, 
the GSC and PIC handle many of these minor security issues. 

Before 9/11, GSCs were present at all screening operations. Today, GSCs 
are occasionally called to screening checkpoints to determine if a passenger car- 
rying a prohibited item may check an item into checked baggage. GSCs in most 
locations no longer staff positions at security checkpoints because the TSA is 
responsible for activities at a checkpoint. GSCs and crewmembers must com- 
plete annual security training as outlined in the airline’s security program. The 
content of such training is considered SSI. ISCs and crewmembers must com- 
plete an advanced qualifications program approved under Special Federal 
Aviation Regulation 58 in 14 CFR Part 121, which includes security training 
required by 14 CFR 121.417(b)(3)(v) or 135.331(b)(3)(v)—covering hijackings 
or other unusual situations. 

LEOs traveling armed and special procedures for flights departing for Israel or 
into Reagan National Airport are examples of other situations that GSCs are 
trained to handle. GSCs watch to ensure that passenger boarding doors are 
secured when not in use and that all security procedures are being followed. 

The PIC has final responsibility for the safety and security of a flight and its 
passengers. The PIC acts in the capacity of the JSC on each flight.” The ISC 
receives a security briefing before each flight, both from the GSC and through 
preflight briefings. For practical purposes and to the extent possible, the PIC is 
“in charge” of security-related incidents onboard the aircraft during flight, includ- 
ing hijackings. During a hijacking, the PIC may also be a hostage and his or her 
ability to command, lead, and coordinate security activities will be severely 
affected. In such situations, law enforcement will typically treat the PIC and other 
flight crew personnel as hostages and make decisions on their behalf. The ability 
of the PIC to handle in-flight security issues is also hampered in the post-9/11 
era. Previously, it was common for the PIC to exit the cockpit to attempt to han- 
dle a security situation in the cabin. Since 9/11, the PIC and all required flight 
crew personnel are now expected to stay in the cockpit, particularly during the 
time of a security incident in the cabin. 

In some cases, a member of the flight crew may be trained as a federal flight 
deck officer (FFDO). However, FFDOs are not allowed to exit the cockpit to 
deal with a situation in the cabin. The FFDO jurisdiction ends at the cockpit 
door, although there have been some attempts by groups to extend FFDOs’ 
jurisdiction into the cabin and even into the airport and beyond. FFDOs only 
undergo | week of training in a specific function, not the 14 weeks of training 
that actual federal agents undergo at the Federal Law Enforcement Training 
Academy, or 18—20 weeks for DEA or FBI agent training. The events of 9/11 
make it clear that the integrity of the cockpit door is an essential layer of the 





This responsibility kept Captain John Testrake and his crewmembers from attempting to escape 
into the streets of Lebanon during the hijacking of their aircraft in 1985. 
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security system. Therefore, the flight crew remains in the cockpit with the door 
locked as much as possible while in flight, only exiting in an emergency (not a 
security situation) or to use the restroom—in which case secondary flight deck 
barrier measures are used. The PIC has the final authorization as to whether a 
passenger will be allowed onboard an aircraft and whether to land the aircraft 
and de-board a passenger he or she deems a threat to the safety of the flight or 
other passengers and flight crew. The airline security manager, GSCs, and pilots 
form a team for each flight and often have overlapping duties to ensure the 
security of each flight. 





LAW ENFORCEMENT OPERATIONS RELATED TO AIRLINE 
SECURITY 


LAW ENFORCEMENT PERSONNEL 


Law enforcement requirements prescribed in Parts 1542.215 and 1542.217 must 
still be met where an aircraft operator conducts passenger operations at domes- 
tic airports not required to have a security program under Part 1542. This 
includes certain aircraft operators with full or partial security programs, 12-5 
programs, all-cargo programs, private charter programs, and passenger opera- 
tions at foreign airports. These requirements address the availability and training 
for LEOs. Specific response times and numbers of available LEOs are addressed 
in the aircraft operator security program and are considered SSI. Where LEO 
support is not available, the aircraft operator must coordinate with the TSA to 
provide such support. The aircraft operator must ensure that its employees, 
including crewmembers, have the training and resources to contact LEO support 
when needed. 


CARRIAGE OF FIREARMS IN CHECKED BAGGAGE 


Federal regulations require that firearms must be unloaded and carried in a hard- 
sided locked container. Only the person checking in the firearm can have the 
combination or key. Furthermore, the firearm must be declared at the ticket 
counter and stored on the aircraft such that it is not accessible to passengers. 

Aircraft operators may require additional policies regarding the transport of 
firearms in checked baggage. Some aircraft operators allow ammunition to be 
stored in the same container but not loaded into the firearm. Some aircraft opera- 
tors require advance notice upon booking a flight on which a passenger will be 
bringing a firearm. The transport of ammunition is covered in Title 49 CFR Part 
175, which addresses the carriage of hazardous materials onboard aircraft. 
Ammunition must be kept separate from any flammable liquids or solids. 

As a practical matter, when a passenger declares that he or she is placing a 
firearm into checked baggage, a qualified screener reports to the ticket counter 
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and immediately inspects the firearm, and then the container is locked and placed 
in checked baggage. This prevents personnel conducting checked-baggage screen- 
ing (which may or may not be located in the ticket counter or lobby area) from 
opening the container without the owner present. 


CARRIAGE OF ACCESSIBLE WEAPONS 


This section addresses the carriage of accessible weapons (by passengers) onboard 
a commercial service aircraft. Generally, the only individuals authorized to carry 
a loaded firearm onboard are LEOs. 

For flights requiring screening, an LEO must be a federal LEO or a full-time 
municipal, county, or state LEO who is a direct employee of a government 
agency. This individual must be sworn and commissioned to enforce criminal sta- 
tutes or immigration statutes. The individual must be authorized by the employing 
agency to have the weapon in connection with assigned duties and must have 
completed the training program: Law Enforcement Officers Flying Armed (see 
https://www.tsa.gov/travel/law-enforcement). A federal agent (whether or not on 
official travel) carrying the proper credentials is not required to show any other 
reason for carrying a weapon onboard, provided he or she is armed in accordance 
with an agency-wide policy governing that type of travel established by the 
employing agency by directive or policy statement. 

An LEO must have a need to have access to the weapon during flight to carry 
it on the flight. This could include being on protective duty assigned to a principal 
or advance team, on travel requiring preparation to engage in a protective func- 
tion, conducting a hazardous surveillance operation, on official travel to report to 
another location, armed and prepared for duty, controlling a prisoner, in accor- 
dance with other stipulations in Part 1544.221, or on a round-trip ticket returning 
from escorting or traveling to pick up a prisoner. 

Armed LEOs must notify aircraft operators of the flights on which an acces- 
sible weapon is needed at least 1 hour, or in an emergency as soon as practica- 
ble, before departure. LEOs present identification to the ticket agent, generally 
an LEO’s agency ID card that must include a clear full-face picture, the armed 
LEO’s signature, and the “letter of authority.” State, local, territorial, tribal, and 
approved railroad LEOs flying armed must submit a National Law Enforcement 
Telecommunications System (NLETS) message prior to travel to receive the 
letter of authority. The NLETS message replaces the original letter of authority, 
commonly referred to as the “chief’s letter.” Presentation of an LEO badge or 
shield cannot be used as the sole means of identification. If the armed LEO is 
an escort for a foreign official, then the US State Department provides such 
documentation. 

Aircraft operators must inspect the documentation presented and advise the 
LEO of procedures unique to the airline. The aircraft operator must ask the LEO 
to confirm completion of the Law Enforcement Officers Flying Armed training 
program as required by the TSA, unless specifically exempted by the TSA. The 
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Law Enforcement Officers Flying Armed training is a 1.5- to 2-hour block of 
instruction that is comprised of a structured lesson plan, slide presentation, FAQs, 
NLETS procedures, and applicable codes of federal regulation. The aircraft opera- 
tor must ensure that the GSC knows the identity of the armed LEO and must 
notify the PIC and other appropriate crewmembers of the location of each armed 
LEO aboard the aircraft. All armed LEOs, including federal air marshals, must be 
notified of each other’s seating on a flight. For flights where screening is not con- 
ducted, LEOs may carry weapons onboard provided they are federal LEOs or 
full-time municipal, county, or state LEOs who are direct employees of a govern- 
ment agency. They must also provide the proper notification to the aircraft opera- 
tor and present proper credentials. 

LEOs traveling armed must not consume any alcohol while on the flight or 
board the flight armed having consumed alcohol within 8 hours before the flight. 
When traveling armed, LEOs not in uniform must keep the firearm concealed on 
their person or within reach; if in uniform, they must keep the firearm on their 
person at all times. 

The practical application of this section varies with each airport’s security pro- 
gram and each aircraft operator’s security program. An LEO intending to fly 
armed will declare such intent at the ticket counter. Some airlines require that 
LEOs flying armed notify the airline when booking the flight and present the 
proper credentials and documentation. The LEO does this again at the screening 
checkpoint, to a TSA supervisor. At some airports, an LEO assigned to the airport 
will provide the vetting at the screening checkpoint for another LEO traveling 
armed. LEOs traveling armed are not subject to screening, provided all other 
conditions of this section have been met. 

The TSA will issue a specific alpha-numeric unique federal agency number 
for each federal law enforcement agency or entity or other organization, including 
those performing personnel security detail missions, as approved by the TSA. 
This number will be known only to the respective agency and the TSA. This iden- 
tifier will be verified at the airport LEO checkpoint prior to granting the LEOs 
access to the sterile area for the purpose of flying armed. 


PRISONER TRANSPORT 


Prisoners are classified as high or low risk. A high-risk prisoner presents an 
exceptional escape risk, as determined by the law enforcement agency, and has 
been charged with, or convicted of, a violent crime. A low-risk prisoner is any 
prisoner who is not classified as high risk. An aircraft operator may not carry a 
prisoner unless he or she has been classified as either high risk or low risk by the 
proper agency. For low-risk prisoners, at least one armed LEO must accompany 
the prisoner for flights that are shorter than 4 hours. One armed LEO can escort 
no more than two low-risk prisoners. A minimum of two armed LEOs is required 
for flights longer than 4 hours for one or two low-risk prisoners. 
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Table 8.3 Ratio of LEOs Required to Prisoners Transported 


Number and Type of Prisoners Required Number of LEOs 


One or two low-risk prisoners; flight shorter than 4 hours 1 
One or two low-risk prisoners; flight longer than 4 hours 2 
One high-risk prisoner 2 
Two high-risk prisoners (only with TSA approval) 3 





Only one high-risk prisoner may be carried on any particular flight and must 
be escorted by two armed LEOs. The LEOs must have no other prisoners under 
their charge during this time. The TSA can approve more than one high-risk pris- 
oner on a specific flight provided that there is a minimum of one armed LEO for 
each prisoner and one additional armed LEO (Table 8.3). 

LEOs escorting a prisoner must notify the aircraft operator at least 24 hours 
before departure, or as far in advance as practicable, and advise the airline of the 
identity of the prisoner and whether he or she is high risk or low risk. The LEO must 
arrive at least 1 hour before the departure time of the flight and ensure that the pris- 
oner has been thoroughly searched. The LEO must be seated between the prisoner 
and the aisle and must accompany the prisoner at all times during the flight. Ideally, 
prisoners should be boarded first and deplane last, and they should be seated in the 
farthest rear section of the plane possible, but not near any exits. LEOs must ensure 
the prisoner is properly restrained from using his or her hands, but the use of leg 
irons is not permitted as the prisoner must still be able to egress the aircraft in an 
emergency. Leg irons would hamper egress of the prisoner and, potentially, other 
evacuating passengers and flight crew. Prisoners must not be provided with eating 
utensils (unless approved by the escorting LEO) or be provided with alcohol. 


TRANSPORTATION OF FEDERAL AIR MARSHALS 


Aircraft operators are required to carry federal air marshals on any scheduled 
passenger or public charter flight on a first-priority basis and without charge 
while on duty, including the repositioning of flights and in the seat requested by 
the air marshal. The TSA determines the number of air marshals required on a 
flight. Federal air marshals are required to identify themselves to an aircraft oper- 
ator using their credentials (photo ID card)—a badge or shield is not adequate 
identification. Aircraft operators are required to keep confidential the location and 
identity of all federal air marshals onboard a flight. Federal air marshals directly 
contact and coordinate with other armed LEOs on each flight. 


SECURITY OF THE AIRCRAFT ON THE GROUND AND IN FLIGHT 


Aircraft operators must ensure that unauthorized personnel are unable to access 
the air carrier’s aircraft, associated facilities (hangars, administrative areas that 
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may have access to aircraft, etc.), and exclusive areas. Air carriers must conduct a 
security inspection of each aircraft if the aircraft has not been previously 
protected in accordance with the aircraft operator security program. Air carriers 
conduct a daily inspection of each aircraft that has been out of service before 
returning it to passenger operations. 

Aircraft searching is an effective method of deterring hijackings and bomb- 
ings. Aircraft searches are done by a combination of flight crew and cabin 
cleaners before each scheduled departure. Crewmembers conducting a thorough 
search of an aircraft may discover hidden weapons or explosives between flights. 
For example, in 1995, Ramzi Yousef’s plan to destroy 12 commercial US airli- 
ners on over-the-water international routes assumed such searches would not be 
conducted. Yousef and his operatives intended to hide explosives beneath passen- 
ger seats and then de-board at a stopover. Their expectation was that the aircraft 
would then take off again, with the explosives detonating while the aircraft were 
over the Pacific Ocean. The loss of life and 12 aircraft would have been 
catastrophic. Yousef had successfully tested the concept on an earlier flight, kill- 
ing a Japanese executive, but in this instance, a cabin inspection prevented the 
catastrophe. 

Protecting the flight deck is critically important! Aircraft operators are 
required to restrict access to the flight deck for all aircraft having a cockpit door, 
in accordance with the operator’s security program. This restriction does not 
apply to federal air marshals, certain FAA and National Transportation Safety 
Board personnel such as check pilots and investigators, and US Secret Service 
personnel. 


IN-FLIGHT SECURITY 


There are several dynamics that must be accounted for with respect to aircraft in 
flight that experience an unlawful interference, including whether the pilot should 
attempt to use violent maneuvers to knock a hijacker or assailant off balance, 
whether the passengers should attempt to retake a hijacked aircraft, and how to 
relocate a device that is suspected to be an explosive device to a “safer” area of 
the aircraft. 

In May 2003, an individual attempted to overtake an aircraft using sharpened 
wooden stakes, with the intent of crashing the aircraft into the Walls of Jerusalem 
National Park to deliver his souls and the souls of the passengers to the devil, to 
bring about Armageddon (Baum, 2011). Had he been successful, several indivi- 
duals would have lost their lives and nothing related to al-Qaeda or any other 
terrorist organization would have had anything to do with it. It demonstrates that 
the attackers’ perspective need not make sense, or that he or she is even thinking 
clearly. The hijacker demonstrated that using a low-tech tactic on a low-risk 
domestic route still presents a risk to aviation security. The individual had also 
tried to rush the cockpit on another flight 4 months earlier—in both cases flight 
attendants and flight crew prevented the takeover of the plane (Baum, 2011). 
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To address the threat of an aircraft being bombed, every commercial airliner 
has an identified least-risk bomb location (LRBL), which is the safest part of the 
aircraft for an explosion to take place. This location is usually near a natural open- 
ing, such as the rear doors. The use of the LRBL is upon discovery or notification 
of an improvised explosive device (IED) on board the flight. Unlike a suspicious 
device found in the airport, it is often considered better to relocate a suspicious 
item on an aircraft with the assumption that it is not triggered by motion (otherwise, 
how was it brought onto the flight, armed, and not detonated through the aircrafts’ 
movement), and that it is better that an explosion take place at an area that is 
already designed to have a hole in it. Another consideration is that very rarely will 
an individual make a bomb, put it on a commercial flight, and then call in a bomb 
threat. If one goes to so much trouble to make the device, why would they then 
notify the aircraft operator of its presence? However, as we have seen earlier, the 
motives of criminals, terrorists, and others do not have to make sense. 

In addition to relocating the device, flight attendants will use luggage and 
other items to create a blanket or buffer around the suspected device to mitigate 
the blast effect should it detonate. Bomb blankets are available commercially for 
just such an incident, but are not always found on a commercial flight. 

Other considerations for flight crew include whether passengers or crew 
should attempt to retake a hijacked flight. Many in the United States after 9/11 
believed that this was a foregone conclusion, but as many hijackings subsequent 
to 9/11 have shown, this is not always the case. On Sep. 9, 2009, an individual 
hijacked an AeroMexico flight, by himself. Passengers did not attempt to attack 
or overtake the hijacker. The hijacker threatened that he had a bomb, which was 
apparently enough to achieve compliance by the passengers and flight crew. In 
2016, another individual hijacked a flight out of Egypt, with a device that 
appeared to be a bomb, but was only a collection of various objects, put together 
to resemble a suicide bomber’s vest. In that case as well, the passengers did not 
attempt to stop the hijacker. 

There are too many variables in a hijacking scenario for any hard-and-fast stan- 
dard operating procedures to dictate a course of action. The PIC will have to make 
a best judgment as to how to handle a hijacking and also how to react to the actions 
of passengers. If it does not appear to be a hijacking to use the aircraft as a weapon 
of mass destruction, there are other dynamics to watch for such as the London 
syndrome, the Stockholm syndrome, the Lima syndrome, and the John Wayne syn- 
drome (Baum, 2011). The London syndrome occurs when a passenger’s words or 
actions brings the wrath of the hijackers down on the individual, usually resulting 
in the beating or death of the passenger. This should be avoided. The Stockholm 
syndrome occurs when the hostages feel sympathy for the hostage-takers. First 
responders must take this syndrome into account when dealing with hostages, 
particularly during negotiations and during any rescue attempt. The Lima syn- 
drome, generally desired, occurs when the hostage-taker becomes sympathetic to 
the hostages. Uli Derickson cultivated this during the hijacking of TWA Flight 847 
(Baum, 2011). The John Wayne syndrome occurs when individuals feel helpless in 
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a situation they believe they should be doing something about (usually this occurs 
to males during a hostage crisis). Flight crew personnel particularly should watch 
for signs of this syndrome and remember that they have an important role to play, 
and that while active or physical intervention may at some point be necessary, they 
should do so based on opportunity and, ideally, preplanning and coordination with 
others, not go “flying off the handle.” 

Flight crewmembers have other options to handle an in-flight security emer- 
gency, such as a hijacking. One possibility is aggressively maneuvering the 
aircraft to knock a hijacker off balance. This has been done several times as a 
method to allow passengers to get the upper hand on a hijacker, most notably 
during the hijack attempt in 1970 of an El Al flight by Leilia Khaled, but also 
during the hijacking of a Brazilian Airlines flight in 1988, during the attempted 
hijacking of a FedEx flight in 1994, and during a 2007 hijacking of a Mauritanie 
flight. Most aircraft flight manuals and airline policies prohibit these types of 
maneuvers as a response to a hijacking, and pilots must also weigh the possibility 
of losing control of the aircraft or having the structure overstress and come apart 
during the process. 


OTHER AIRCRAFT OPERATOR SECURITY REQUIREMENTS 


Aircraft operators must conduct fingerprint-based CHRCs for any employee who 
conducts a covered function, which includes unescorted access authority, the 
authority to perform screening, or the authority to check baggage or cargo. These 
requirements are essentially the same as Part 1542.209 of the airport security reg- 
ulations requiring those operating within the SIDA to complete a fingerprint- 
based CHRC to ensure he or she has not been found guilty (or not guilty by 
reason of insanity) of 28 listed disqualifying offenses. 

Aircraft operators must also designate an individual to be responsible for 
conducting the CHRC, including receiving results on investigations from the FBI 
and conducting internal audits of CHRCs. Airport operators may accept the 
results of a CHRC conducted by an aircraft operator in the issuance of airport 
access/ID media, but this is up to the individual airport operator. Aircraft opera- 
tors are restricted from revealing the results of a CHRC to anyone but the individ- 
ual whose background was investigated, the TSA, or an airport operator with a 
“need to know” (ie, to receive an airport access/ID badge). Flight crewmembers 
must undergo a fingerprint-based CHRC. As a practical matter, aircraft operators 
frequently conduct a CHRC on their personnel and then attest to each airport 
operator where that employee is required to obtain an SIDA access/ID badge that 
the individual has passed the CHRC. Some airport operators will still require the 
aircraft operator employee to undergo another CHRC to ensure that the correct 
procedure has been completed before issuing an airport access/ID badge. 

Within an aircraft operator exclusive area, aircraft operators must establish 
and carry out a personnel identification system that is approved for use in the 
exclusive area. The personnel identification requirements are the same as in 
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the airport security regulations under Title 49 CFR Part 1542.211. Aircraft 
operators must conduct yearly audits and include measures to retrieve expired 
ID, report lost or stolen ID, and secure unissued identification media stock. 
Temporary IDs may also be issued. 


Training 

Aircraft operators must provide SIDA training for their personnel and any addi- 
tional security training that may be required under the AOSSP. Any employee 
with security duties must also be provided with information regarding applicable 
security directives and information circulars. 


Contingency and incident management planning 


Aircraft operators must have contingency plans in the event of increased security 
levels required by a higher level of the color-coded Department of Homeland 
Security (DHS) alert system. Regulations require aircraft operators to participate 
in airport-sponsored contingency plan exercises; however, as a practical matter, 
aircraft operators at major airports often alternate their participation in airport- 
sponsored exercises with other aircraft operators at the airport. Aircraft operators 
are required to have programs in place to handle threats that may be received, 
such as a bomb threat or the location of a suspicious object onboard an aircraft, 
and to have procedures in place to handle hijackings. 


Receipt of air cargo 


Aircraft operators are prohibited from carrying cargo unless that cargo is received 
from a known shipper meeting the requirements of the AOSSP. Any cargo 
received from an unknown shipper must be separated from cargo received by a 
known shipper and screened before being loaded onto an aircraft. 


AIRLINE SECURITY ISSUES 


Just as the airport security department has its own unique challenges and charac- 
teristics, so do airline security departments. General differences between airport 
and airline security departments include personnel (airlines generally employ 
more people than an individual airport), financial (airports are generally nonprofit 
and airlines are usually for-profit), and customer base (airports serve a variety of 
stakeholders including the airlines, vendors, passengers, contractors, and others, 
and airlines generally serve just passengers and cargo customers). Airports also 
have a smaller span of control than airlines in relation to security concerns. 
Airlines may have stations and bases all over the world that require security man- 
agement and response. An ASC is usually concerned with security at one airport 
and can respond to situations firsthand. Airline employees usually have a higher 
level of contact with passenger bags, and cargo security managers are faced with 
issues such as baggage and cargo theft and narcotics trafficking. 
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Airlines have the responsibility and challenges of maintaining a high level of 
security while carrying thousands of passengers in a highly competitive industry. 
Passengers may choose other airlines or other modes of transportation—vehicle, 
rail, bus—or may not travel at all and use teleconferencing. With thousands of 
passengers every day, airlines must be prepared to handle issues such as air rage 
and on-board medical emergencies. These require that flight and cabin crews be 
trained in handling such events. 


POSITIVE PASSENGER/BAGGAGE MATCHING 


The ATSA of 2001 mandated that PPBM be used for all domestic and interna- 
tional flights. The PPBM process is no longer required in the United States as all 
checked baggage is screened either through EDS, ETD, physical inspection, or 
canine inspection. 


CATERING AND VENDOR SERVICES 


Another avenue to hide prohibited items onboard an aircraft is through the cater- 
ing stores or others who have access to the aircraft to maintain and restock service 
items. Catering provides an opportunity for an individual to conceal an IED 
within the catering stock for loading onto an aircraft. Security of catering begins 
with the employment of food services personnel and management. Extensive 
background checks are needed to ensure individuals have no criminal history, are 
legal residents, and do not have past affiliations with terrorist or organized crime 
groups. For catering personnel with access to the SIDA or the aircraft, a CHRC 
must be completed before the person is allowed unescorted access to either. 

Catering and vendor facility security is also important. Visitors to flight kitch- 
ens and catering facilities should be verified and authorized, and then issued visi- 
tor’s identification and be accompanied by a staff member throughout the time 
they are in the facility. Additional facility security should be considered, such as 
closed-circuit television (CCTV) monitoring of the food preparation and packag- 
ing areas and an access control system that requires authorized personnel to pres- 
ent an access/ID badge to access food preparation and storage areas. Outside and 
in loading areas, trucks and vans used for food delivery should be monitored for 
tampering and theft when they are not in use. 

Food and utensils need to be prepared in a secure area within the flight 
kitchen, then packaged, sealed, and transported to the aircraft. Seals must not be 
tampered with and the integrity of the transport trucks must be maintained 
throughout delivery. Within the flight kitchen, security, supervisory, and manage- 
ment personnel must be alert for employees attempting to introduce unauthorized 
substances or items into the packaging. Other food preparation personnel need to 
be aware of the potential of other employees smuggling unauthorized items within 
the packaging areas and know how to report such behavior. Once packaged at the 
flight kitchen, security personnel should monitor the loading of the catered goods 
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onto trucks. Trucks and personnel responsible for moving catered goods should 
be inspected and searched before accepting the goods each time they enter 
SIDAs. Random inspections should also be conducted using ETD, EDS, or physi- 
cal inspections. 

A particular challenge in securing catering goods is that catering personnel, 
such as loaders and drivers, often carry items such as box cutters that are nor- 
mally prohibited in SIDAs and other sterile areas. Catering personnel should be 
required to register prohibited items that are essential for the job and be responsi- 
ble for keeping track of those items. Periodic audits can be conducted to ensure 
that catering personnel are only carrying those items they are authorized to carry. 
The aircraft operator should also monitor catering personnel while they stock 
catered goods onboard an aircraft. A flight attendant often does this. 


AIRLINE SECURITY STAFF OPERATIONS AND ISSUES 


Airlines are major corporations with thousands of employees; they must handle 
general security and loss prevention issues similar to those of any large corpora- 
tion. The corporate security responsibilities of an airline include dealing with dis- 
gruntled employees, protection of airline facilities, employees with addictions, 
employees with mental illness challenges, baggage and cargo theft, pilfering of 
airline assets, abuse of flying privileges, assault, intimidation, cybersecurity, and 
general loss prevention. With virtually any business there is a level of theft—by 
employees, by customers, or by others who interact with the company or its 
employees. The airline industry has additional challenges to loss prevention mea- 
sures as aircraft travel across state and country boundaries. Airline stations are 
often far removed from their headquarter offices and operate more independently 
and without much oversight. Narcotics smuggling and baggage theft rings are 
important issues for airline security managers. 

Millions of dollars of personal belongings are entrusted to airlines every day, 
and unfortunately the reputation airlines have of losing bags works in the favor of 
those attempting to steal from a bag. When a bag is checked, the owner of the 
bag gives up control for the duration of the process. With so many bags being out 
of sight of the owners, the opportunity for theft is significant. Organized bag theft 
rings routinely move around the country. Airline security personnel find them- 
selves working frequently with the FBI and other law enforcement agencies in an 
attempt to stave off these bag theft rings. Many rings consist of individuals who 
can pass a CHRC and are hired by the airline to work as a baggage handler. 
These rings attempt to move on after a short time and after many goods have 
been stolen, and before the police and federal agents can catch up with them. 
Good internal security is fundamental to reducing the impact of baggage theft. An 
employee-reporting system for reporting suspicious activities together with CCTV 
to monitor baggage sort and cargo storage areas, along with working with police 
and federal agencies, can reduce the loss an airline experiences from theft. 
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The advent of the Internet and online sales web sites have provided another 
means to anonymously offload stolen goods, Unfortunately, bag theft involves air- 
line and airport employees and TSA personnel, who then attempt to sell stolen 
property on eBay or other web sites: 


1. In Chicago in 2005, an airline employee was charged with stealing electronic 
recording equipment off an aircraft and selling it on eBay.° 

2. More than 60 TSA screeners at 30 airports were arrested as of November 
2004 on suspicion of bag theft. The TSA has settled 15,000 passenger 
claims and paid out more than $1.5 million in damages (ABC News, 
2004). 

3. In Washington State, camera surveillance caught a TSA screener rummaging 
through a passenger’s bag, then taking the passenger’s prescription 
medication, literally opening the bottle and popping a pill in her mouth 
(ABC ActionNews, 2005). 

4. In New York City, four screeners were convicted on theft charges, including 
the theft of cameras, laptops, and cell phones (ABC ActionNews, 2005). 

5. In Los Angeles in 2012, more TSA personnel were arrested on drug and 
bribery charges and according to a Los Angeles Times article in 2011, 500 
TSA personnel have been arrested on suspicion of theft (Forgione, 2011). 
With a screener staff of over 50,000, that is less than 0.01%, but many 
passengers expect a higher standard from a federalized security workforce. 

6. In 2015, two airline workers were arrested in a gun smuggling operation 
between Atlanta/Hartsfield International Airport and John F. Kenney 
International Airport. 


Baggage theft is particularly difficult to investigate as several individuals 
including airline employees and TSA screeners handle a passenger’s baggage 
after it is checked as luggage. Although passengers can lock their bags with a 
lock, it must be a TSA-approved lock and only TSA screeners are supposed to 
have a key. Breaking the lock or the zipper it is attached to can snap many locks, 
and they can also be picked. The construction of inline baggage systems, which 
greatly reduces the handling of baggage by human hands, is one method for 
reducing baggage theft. 

Another form of baggage theft occurs at the baggage claim areas as bags 
are returned to their owners. Airports and airlines often do not require that 
each bag claimed be matched with the passenger’s baggage claim tag as the 
level of theft in this area is relatively low compared to the cost of establishing 
secure areas around baggage claim and hiring more personnel to check the 
bags and claim tags. Often, a security presence is enough to deter theft at 
baggage claim carrousels. Common sense works in our favor here as well. 





©After the theft, friends chided the rightful owner that he was going to see his belongings on eBay. 
The owner logged on to eBay later that night, saw his own belongings up for bid, then notified the 
police. 
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Although it is easy for a criminal to walk into a baggage claim area and grab 
a bag, unless the criminal has prior knowledge of a particular bag, the criminal 
has no idea whether what he or she has stolen has any real value. The thief 
would probably end up with clothing, rather than laptop computers, jewelry, or 
anything of higher value. For bag theft to be beneficial to the thief, he or she 
must have time to go through at least a few bags and see if there are valu- 
ables. It is hard to do this discreetly in the middle of a baggage claim area, 
where the owner is likely searching for his or her bag. The baggage claim area 
is a public venue and open to robbers who do know what they are looking for, 
so it is more likely that bag theft in the public areas of an airport will be of 
laptop bags and briefcases, which are more likely to contain electronics and 
other valuables. 

The liquid bomb plot discovered in London in 2006, which caused passen- 
gers being required to place nearly every item, including laptops, MP3 players, 
DVD players, cameras, camcorders, and other high-value items that passengers 
usually take onboard, into checked baggage represented a huge economic risk 
to the airline industry. For a short period when passengers were forced to 
check such items, the financial impact to the airlines was significant with 
passengers reporting lost or stolen laptops and other electronic devices. This 
reinforces the need to assess the total impact of security decisions before 
implementing new prohibitions or solutions. With business passengers fearing 
the loss of their laptops, which often include proprietary or classified business 
materials, they sought other travel methods such as corporate or charter 
business travel. 

Drug smuggling is another area of concern, particularly with international 
flights. Airline security personnel often work with the DEA to help stop narcotics 
trafficking operations on their airlines. With the borders of the United States 
being more carefully watched, particularly for general aviation air traffic not on a 
flight plan, commercial airlines have become a widely used method of transport- 
ing illegal narcotics. Colombian drug trafficking organizations continue to smug- 
gle marijuana into New York and Florida using commercial airlines (National 
Drug Intelligence Center, 2002). Heroin is smuggled by commercial or private 
aircraft from South America and Mexico into the United States. In a 2003 report 
before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and 
Homeland Security, Rogelio E. Guevara, chief of operations for the DEA, noted 
that couriers traveling on commercial airlines are the primary smugglers of 
Colombian heroin to the United States. Their primary entry points are Miami, FL, 
and New York City (DEA, 2003). 

In some cases, even federal air marshals can be involved in the illicit yet 
highly profitable drug trade. In April 2006, two air marshals pled guilty to 
accepting $15,000 to smuggle cocaine onboard a flight out of Las Vegas, NV, 
using their positions to bypass airport screening (Associated Press, 2006). Again, 
this is an area where employee vigilance can prevent or deter this type of 
activity. 
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AIRCRAFT SECURITY REQUIREMENTS 


Aircraft manufacturers spent, and continue to spend, a great deal of money and 
time after 9/11 making modifications to cockpit doors to meet new federal stan- 
dards. Previously, cockpit doors were no more difficult to get into than the doors 
to an airplane’s lavatory. Airlines had resisted strengthening the doors because of 
added weight and potential egress safety concerns in case of an aircraft emergency. 

Arguments were made that the cockpit door should remain unlocked to 
prevent a hijacker from threatening a flight attendant as leverage to get the door 
open, as occurred in TWA Flight 847. Conversely, a locked and reinforced cock- 
pit door may have prevented David Burke from shooting the pilots on PSA Flight 
1771 and downing that airplane. 

ATSA 2001 mandated that cockpit doors be strengthened and that access to 
the cockpit be strictly controlled. By strengthening, the government means mak- 
ing it harder to physically knock in the door or to punch or kick through it. Some 
doors have been strengthened to the point where they can withstand a small 
explosion. Bulletproofing the cockpit doors was not mandated because of the 
additional weight. 

With the doors strengthened, limiting the ability of individuals to force their 
way into the cockpit, there remain a few other methods for getting into the cock- 
pit, including waiting until a crewmember opens the cockpit door, coercion, or 
bypassing the locking method. Aircraft operators must implement procedures to 
ensure the cockpit is not invaded during the critical times when the cockpit door 
is opened for a short time, such as for a crewmember to use the bathroom, to 
swap crews on longer flights, or for food to be served. Many airlines use a simple 
method of bringing flight attendants to the front of the aircraft and then position- 
ing the food/drink cart sideways across the aisle; an individual attempting to jump 
over the food cart should be slowed down and this action also demonstrates intent 
to access the flight deck or do harm to crewmembers. During this process, a flight 
attendant will standby in the cockpit and open the door for the pilot when he or 
she needs to reenter, while allowing the other pilot to stay at the controls. For this 
method to be effective at preventing an intruder from entering the cockpit, the 
flight crew and flight attendants must still be able to overpower an intruder if an 
attempt is made. The food/drink cart is an obstacle, but its effectiveness is limited 
in preventing someone from entering the cockpit. 

At the request of some airlines, some aircraft manufacturers have installed 
reinforced curtains, which are pulled across the forward section of the cabin seat- 
ing area and locked. Steel cabling similar to a child-safety gate and that can be 
pulled across the front bulkhead area also can be used to protect the cockpit when 
the door is open. A secondary flight deck barrier provides a higher level of 
protection than a beverage cart. 

Coercion is commonly used in hijackings to access the cockpit. Intruders will 
take a flight attendant or passenger hostage and then demand access to the 
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cockpit, often beating the hostage until access is granted. No amount of strength- 
ening of the cockpit door will be able to stop an intruder who can successfully 
leverage the sympathy of the flight crew to gain access. Flight crewmembers are 
aware that they may have to make a decision whether to allow the hostage to be 
beaten and possibly killed, along with other hostages, versus allowing access to 
the cockpit where the aircraft may be used as a weapon on a ground target. 

Another method of accessing the cockpit is through a popular airline benefit 
known as jump-seating. General employees (not pilots or mechanics or dispatch- 
ers) of a particular airline can only occupy the flight deck jump-seat on a case- 
by-case basis, with the approval of the airline, the PIC, and the FAA through the 
use of FAA form 8430 (Title 14 CFR Part 121.547). Pilots of that airline can 
occupy the flight deck jump-seat with PIC approval. Offline airline employees 
may not ride in the flight deck jump-seat, except for offline pilots, who must first 
be approved through the Cockpit Access Security System, and also have PIC 
approval. 

The jump-seat pulls down from the front bulkhead at the back of the cockpit. 
It does not allow the occupant direct access to the flight controls. The 9/11 attacks 
and subsequent legislation placed new restrictions on the practice of jump- 
seating, but it does highlight the importance of conducting thorough background 
checks of airline employees and of monitoring the behaviors of such personnel. 
Flight crewmembers not comfortable with a particular individual in their cockpit 
have the right to not permit that individual to occupy a jump-seat. 

In 2015, a first officer of a Lufthansa/Germanwings flight took over the 
aircraft’s controls, locked the captain out of the cockpit when the pilot went to 
use the lavatory, then proceeded to crash the plane into the French Alps. Industry 
experts debated whether aircraft should be equipped with an override of some 
sort, so air traffic controllers or others on the ground could take the plane over if 
such a future attempt was made. However, the less costly (and from a cybersecur- 
ity perspective—less risky decision) is to have a flight attendant or other crew- 
member occupy the cockpit whenever one of the pilots is away. This practice is 
standard operating procedure in US aircraft, but is not a standardized international 
procedure. Fortunately, pilot suicides in this manner are rare. 


AIRLINE EMPLOYEE SAFETY 


Although terrorism is dominating the news, employee safety is often the concern 
of the day at airlines. An aircraft in flight is in a very remote location; often 
35,000 ft or more above the ground, traveling more than 400 miles per hour, and 
usually without law enforcement personnel onboard. This environment has a 
high-risk potential. Drugs, alcohol, and mentally disturbed individuals traveling 
alone exacerbate the potential. Not only are airline security personnel concerned 
with the safety of passengers during flight, but also the safety of their flight crews 
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both onboard and while staying in cities around the globe. In some countries, US 
citizens are particularly high-value targets, and airline flight crews in uniform are 
easy to spot. 


AIR RAGE 


Air rage has been around nearly as long as commercial aviation. Instances of air 
rage increased after airline industry deregulation in 1978. With deregulation, 
thousands of travelers who before could not afford air travel suddenly filled the 
skies and brought on a wave of new air carriers with various business models. 
Some airlines allowed first come—first served seating or did not have first class 
or business class, which meant the vacationing family would sit next to the busi- 
ness executive. The 1980s also saw dozens of airlines quickly go out of business, 
often leaving passengers with useless tickets or, in extreme cases, stranded away 
from home. Before deregulation, airline travelers had become accustomed to 
decorum about air travel—albeit more expensive, it did seem more “civilized.” 
Deregulation brought new problems and new travelers as suddenly air travel was 
as available and nearly as affordable as other forms of transportation. 

Air travel tends to be stressful. Travelers must often arrive hours early (partic- 
ularly post-9/11) to clear ticket counter and security screening lines, then wait for 
an hour or more for their flight to board, and often pay high prices for airport 
food and drinks. Security regulations change frequently and are subject to numer- 
ous interpretations. An item deemed acceptable at a passenger’s departure airport 
may be confiscated at another airport, increasing stress to the traveler. 
Overbooking, long waits at ticket counters, long waits and expensive food at air- 
port restaurants, and being completely outside of their normal day-to-day environ- 
ments all contribute to passenger stresses, and all occur before passengers board 
the plane. 

Onboard, travelers are subjected to cramped quarters, limited eating and enter- 
tainment options, and the perception of a lack of control. The combination of 
these factors makes the cabin of an aircraft a high-stress environment. Passengers 
also bring their own stresses onboard—for example, the business traveler trying 
to get work done, the parent traveling with a child who must go to the bathroom 
while the fasten-seat-belt sign is on, the military officer who has just spent a few 
weeks of liberty at home for the birth of a child and is heading back to duty in a 
volatile country, or the infrequent traveler who jumps every time the plane hits 
turbulence. Sometimes, the combination of these types of factors creates air rage. 
There is no official definition for the term air rage, but a commonly accepted 
definition is that it involves angry or violent passengers onboard an aircraft. 
Factors contributing to air rage include: 


1. Alcohol and drugs (both legal and illegal) 
2. Being “stuck” on an aircraft 
3. Poor service and limited food and drink options 
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. Cramped quarters and an invasion of personal space 

. Gender and sexual preferences 

. Weight and size 

. The feeling of losing control over one’s life 

. Being forced to check carry-on baggage and a lack of space in the 
overhead bins. 
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In many air rage cases, a flight attendant or another passenger is assaulted. 
Some have included fights among intoxicated passengers, child molestation of an 
unaccompanied minor, sexual harassment, vandalizing, and refusal to stop smok- 
ing or drinking. In addition to the threat of violence to passengers and crewmem- 
bers, air rage incidents can end up costing airlines thousands of dollars in lost 
time and fuel. In Sep. 2006, a passenger on a Canadian Zoom flight had to be 
subdued during a trans-Atlantic flight and was allegedly drinking vodka that he 
had smuggled onboard. The passenger became unruly, and the pilots diverted to 
Scotland’s Glasgow Airport where the passenger was taken into custody. The cost 
of the unplanned landing fees and additional fuel was $188,000. The man was 
found guilty and sentenced to 240 hours of community service. 

Before 9/11, the FAA did not take air rage very seriously, nor did the agency 
learn about other vulnerabilities in the aviation system resulting from air rage 
(Morrison, 2001). In 2001, USA Today conducted a study on air rage and found 
the FAA rarely opened an investigation despite hundreds of onboard incidents 
responded to by airport police, nor did the FAA send inspectors to interview 
witnesses. When investigations did occur, the FAA either took no action or sent a 
warning letter to the offender (Morrison, 2001). Today, the TSA also does not 
track air rage incidents, noting that arrests are conducted in various jurisdictions 
and that it is difficult to track what offenses the individuals were arrested for and 
what they were ultimately charged with. However, Andrew Thomas (2001, 2003, 
2006), author of the books Air Rage and Aviation Insecurity, cites numerous cases 
of air rage on his web site (see http://www.airrage.org), as does Philip Baum, an 
internationally recognized security expert and the editor of Aviation Security 
International magazine (see http://www.avsec.com). 

Air rage incidents in the post-9/11 world commonly involve alcohol, drugs, or 
individuals with diminished mental capacity. Passengers today are more aware 
that other passengers and flight crew are actively observing their behavior and 
that air marshals may be onboard. This has not stopped air rage incidents entirely, 
even against federal officers. In June 2004, a woman was arrested on charges of 
slapping a federal air marshal after he asked her to turn off her cell phone before 
departure. Another incident occurred on December 31, 2003, on a Northwest 
Airlines flight from Pittsburgh, PA, to Minneapolis, MN, when a woman caused 
enough of a disruption that she was reseated next to an air marshal. She then 
threatened to kill the air marshal, punched him, attempted to choke him, and after 
being handcuffed, kicked him. She pleaded guilty to assault on a federal officer 
and interfering with a flight crew and was sentenced to 8 months in prison. 
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Shortly after the liquid prohibitions went into effect in August 2006, the 
aviation industry experienced a sharp increase in air rage incidents; within just a 
few days of each other, up to six aircraft were forced to land because of disrup- 
tive and disorderly passengers. On August 18, a Continental Airlines flight was 
diverted and an actor was arrested when he attempted to take his young son to 
the lavatory; a flight attendant alleged she was assaulted, an allegation that the 
actor denied. Also on August 18, an Air France flight was forced to land in San 
Francisco, CA, after a man assaulted crewmembers for refusing to serve him 
alcohol. On August 19, a British Airways flight was diverted after a couple got 
into a violent argument. On August 20, a United Airlines flight was diverted 
when a 20-year-old man assaulted crewmembers. Although this spate of air rage 
incidents could have been coincidental, it is noteworthy that they all occurred 
just shortly after new prohibitions went into effect restricting passengers from 
carrying liquids onto an aircraft and being forced to check most of their usual 
carry-on baggage. 

Air rage incidents are a threat to the lives of those onboard, a threat to the 
safety of the flight, and a cost to the airline in time and delay. Preceding 9/11, a 
pilot would often be called from the cockpit to handle air rage incidents. Now, 
the need for the flight crew to stay in the cockpit and for the cockpit to be 
protected from intruders makes this an ineffective and dangerous option. 

Many international airlines employ their own security personnel to help 
protect the aircraft, the crewmembers, and other passengers. The United States 
relies on flight attendants to handle air rage incidents and perhaps a few fed- 
eral air marshals who may be available. Federal air marshals and other federal 
law enforcement personnel may be reluctant to compromise their cover unless 
the safety of the flight is threatened, as this could be a tactic used by hijackers 
to expose air marshals. Flight attendants cannot rely on air marshals being 
present and willing to assist and must be trained to handle air rage incidents. 
Part of this training includes how to differentiate between a person who is just 
upset and one who represents a threat to the safety of the flight. Air rage is 
more common than terrorism and strategies for dealing with an intoxicated 
passenger are necessarily different than the strategies for dealing with a 
hijacker. Flight crews and aviation security practitioners must understand these 
differences. 

Protecting crewmembers against air rage is often a combination of several 
elements including training in verbal deescalation of an incident, training in phys- 
ical self-defense, enlisting the help of other passengers, communication with the 
flight deck, and techniques to safely restrain a hostile individual. Many airlines 
have contracted with private industry to provide verbal and physical self-defense 
instruction. Hands-on self-defense training for flight crews also serves a protec- 
tive purpose for terrorist incidents as demonstrated in the intercession by crew- 
members and passengers when Richard Reid tried blowing up American Airlines 
Flight 66 in December 2001. 
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FLIGHT CREW PROTECTION 


The passengers on United Airlines Flight 93 fought back. When they learned the 
hijackers’ real intent, they organized a resistance and died fighting for their lives 
and the lives of possibly thousands on the ground. Although all onboard died, the 
hijackers were not able to fly the airplane into its primary target—the White 
House or the US Capitol. Before 9/11, the common strategy for handling a 
hijacked aircraft called for crewmembers to cooperate with hijackers. The goal 
was to get the aircraft on the ground where negotiations could begin. The 9/11 
hijackers counted on this cooperation to be able to maintain control of the passen- 
gers and flight crew. The common strategy has changed from passive compliance 
to active resistance. Neither passengers nor crewmembers can safely assume that 
the intent of a hijacker is to do anything other than use the airplane as a weapon. 
In response to this new paradigm, the US Congress passed legislation authorizing 
certain airline pilots to carry firearms and be deputized as FFDOs with the author- 
ity to use deadly force to defend the cockpit. Additionally, ATSA 2001 called for 
mandatory self-defense training for pilots and flight attendants. 

Airline employees travel for a living, going to different cities around the 
nation and the world. Even crews flying regularly to familiar cities often take 
advantage of their flight benefits to take family and friends to vacation destina- 
tions. Travel security is a concern for the individual crewmember and for the air- 
line employing that crewmember. 

In-flight security and response by crewmembers must be addressed by consid- 
ering the perceived threat and applying the appropriate response strategy. A 
passenger who is upset and argumentative should receive a verbal response in an 
attempt to deescalate the situation. If the passenger becomes physically violent, 
then crewmembers need to be able to respond to protect themselves and the safety 
of the other passengers. If the passenger is threatening the lives of the crewmem- 
bers or passengers or the passenger is a terrorist threatening the safety of the 
flight, crewmembers must have the resources and knowledge to defend the 
aircraft and themselves. In all cases, from verbal response to deadly force to pro- 
tect the aircraft, crewmembers should be trained in each area and know when to 
escalate from one stage to the next. 


Protecting airline personnel while traveling 
No matter how many times I tell flight crews how dangerous some of the cities 
they travel to are, and that they should stay near the hotel, they still wander 
off to see the sights. 
Anonymous airline security coordinator 


Pilots and flight attendants generally enjoy travel. Either as part of the job or their 
flight benefits, flight crews travel to thousands of destinations every year. The 
very nature of frequent travel exposes flight crews to more risks than most other 
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individuals. Flight crews attract criminals and terrorists, as their uniforms or iden- 
tification can be exploited to access an airport or an aircraft. Unfortunately, no 
matter how dangerous a particular city is, there will be flight crewmembers ready 
to risk their own personal safety for relaxation or recreation. Although it would 
seem easy to ban flight crews from leaving the safe environs of their hotel, this is 
not practical. Awareness and self-defense training along with other safe traveler 
practices are perhaps better solutions. 

It is in the interest of both employees and employers to be aware of traveler 
safety practices. General travel security requires the traveler to have a high level 
of awareness of location and the nature of his or her surroundings. Airline person- 
nel should be acutely aware of their responsibility to protect their travel docu- 
ments, uniforms, and equipment. The theft of these items could facilitate criminal 
or terrorist activity. 

Hotel room and street theft constitute nearly 70% of all travel theft. Theft 
from vehicles and at airports accounts for almost 30% of total thefts (Foster, 
2004). Tourists in particular are targets, and there are usually visual indicators 
that a traveler is a tourist. Travelers should minimize these indicators, such as 
reading a map in public, openly carrying travel guides, dressing differently from 
local styles, opening a hotel room door to strangers, and not taking extra precau- 
tions when using the fitness or pool facilities. 

Once at a hotel, flight crews should change from airline attire and dress to 
blend in to the local culture. Keep valuables locked in room safes or at the hotel’s 
safety deposit boxes. FFDOs must be extra cautious when traveling with firearms. 
It is best to travel with small amounts of cash on hand and use a security wallet. 
International travelers should always carry their passports. Hotel staff are familiar 
with the surroundings, the areas to frequent, and areas to avoid. Therefore, trave- 
lers should seek directions to restaurants and other sites from hotel staff and get 
clear directions written down to the destination or from police officers or business 
owners (Foster, 2004). 

Airport crime is particularly serious, as terrorists may be looking to access a 
traveler’s luggage to place an explosive device. Travelers should never leave bags 
unattended nor accept or carry anything for another person (McAlpin, 2003). If 
bags have been out of a crewmember’s control, such as in a hotel shuttle van 
trunk area, it is wise to search the luggage after it is reclaimed. If there is a suspi- 
cion that the luggage has been tampered with, immediately notify airport police, 
and do not touch the bag until it has been cleared by proper authorities. 

The US Department of State lists information about travel to foreign countries 
and travel warnings on its web site (see http://www.state.gov). The web site pro- 
vides tips for safe international travel, including leaving expensive or flashy jewelry 
at home, and references the Department of State’s consular information sheets on 
each country. US citizens traveling to foreign countries can register with the nearest 
US embassy or consulate through the State Department’s travel registration web 
site (see https://travelregistration.state.gov), which will make a US traveler’s pres- 
ence known if it is necessary to contact him or her in an emergency. 
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Travelers are encouraged to “stay on Bourbon Street.” Bourbon Street is a 
metaphor for the most popular street in a US city or town. Every major city in the 
United States has its own version of Bourbon Street. Generally, the worst crime 
that can happen to a traveler on Bourbon Street in New Orleans (in the United 
States) is to be the victim of a pick-pocket. The more serious crimes—armed rob- 
bery, murder, rape, assault—are more likely to occur off the main street where 
there are fewer police patrols and fewer witnesses. In Las Vegas, NV, the most 
popular location is the Las Vegas Strip. In downtown Denver, CO, it is the area 
known as LoDo or the 16th Street Mall. Every traveler should find their destina- 
tion’s version of Bourbon Street and stay on it. Hotel concierges can tell travelers 
where the main street is in a city. Going into parts of the city away from tourist 
attractions without local escorts invites trouble. When traveling outside a hotel in 
an unfamiliar area, it is best to travel in groups because groups are less likely to 
become targets for criminals. 

Airline personnel should always carry a cell phone and ensure the battery is 
charged before going out. If venturing out from a hotel alone or with just 
one other person, advise the hotel staff of the destination and expected return 
time. If confronted with a violent situation, the general idea should not be to 
win the fight but to safely escape the situation and report the incident to law 
enforcement. 

Airlines travel to both safe and dangerous countries, including countries with 
very dynamic environments where gunfire and explosions are the norm, not the 
exception. Gunfire and explosions from hand grenades and IEDs are characteristic 
of terrorist acts. People can increase their chances of surviving an attack by 
following some basic principles: 


1. The best response to gunfire is usually to drop to the ground. Shooters look 
for targets in their line of sight, so staying below this line may improve 
chances for survival (Aviv, 2003). Furthermore, when crawling away from 
danger, use a low belly crawl and avoid placing one’s spine or head too far 
above the ground (as in a traditional four-point crawl). However, several 
active shooter situations in the past several years have shown the better 
strategy is to run from the gunfire, staying low if possible; if one cannot run, 
hide, and if one cannot hide, fight back to the best of one’s ability. The 
run-hide-fight strategy was first developed by the City of Houston and the 
video is available on YouTube. 

2. When grenades and other IEDs explode, the blast travels upward and outward 
in a conical shape. Dropping to the ground is the recommended protection, 
unless protective cover is immediately available (Aviv, 2003). Following any 
blast, if it is safe to move, leave the area as soon as possible as there may be 
secondary devices ready to explode. 

3. Avoid eye contact. Women should consider wearing sunglasses as it projects 
confidence, travel in groups of two or more, and always look like you know 
where you are going (Aviv, 2003). 
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Self-defense for crewmembers and passengers 


Throughout the history of aviation, there have been attacks on flight crew, flight 
attendants, and other passengers by passengers. The terrorist attacks on 9/11 
brought to light a long ignored subject—aircrew self-defense training. ATSA 
2001 (and ICAO Annex 6 addressing the operation of aircraft) outlined eight 
elements to be included in flight crew security training: 


Determination of the seriousness of any occurrence 

Crew communication and coordination 

Appropriate responses to defend oneself 

Use of protective devices 

Psychology of terrorists to cope with hijacker behavior and passenger 
response 

Live situational exercises regarding various threat conditions 

Flight deck procedures or aircraft maneuvers to defend the aircraft 
Any other subject matter deemed appropriate by the administrator. 
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(ICAO Annex 6 also includes aircraft search procedures and LRBLs as an 
additional measure.) 

Self-defense for flight crewmembers involves three basic levels. Upset and 
argumentative passengers may simply require a nonthreatening verbal response. 
As an individual gets progressively upset and initiates (or indicates) physical 
aggression, notification to LEOs either on the ground or in flight and the use of 
restraints may be necessary. Passengers under the influence of drugs or alcohol or 
of diminished mental capacity may also require more physical control measures 
depending on the level of perceived threat. Extremely violent passengers or 
terrorists require the highest level of response, which may include the use of 
deadly force to protect other passengers, the flight crew, and the aircraft. 
Understanding which level of response is necessary in a given situation is essen- 
tial to successfully managing in-flight incidents. 

Another consideration is the psychology of confrontation from one human to 
another. Extensive studies have been conducted expanding the response options 
from simply “fight or flight” to also include posture, submit, or detach. An under- 
standing of how and what to expect from others and oneself during a high-stress, 
possibly deadly encounter is essential to successfully resolving minor in-flight 
incidents or actual terrorist attacks. 

Flight attendants and flight crews are in a difficult position when handling a 
drunk or disorderly passenger because that person is a paying customer and a 
citizen with rights. Humans make mistakes—they get angry and sometimes do 
or say stupid things that do not necessarily warrant an extreme response. 
Crewmembers must make judgment calls as to whether someone is merely upset 
and can be reasoned with or whether a warning or even physical restraints are in 
order. In some cases, the safety of the entire flight is in jeopardy and the plane 
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should land immediately. After a 2001 air rage incident on a Lufthansa flight, 
renowned aviation expert and editor of Aviation Security International magazine 
Philip Baum commented that “crewmembers need passenger profiling capabili- 
ties in order to detect and interpret warning signs early, before incidents escalate 
to the point where we compromise both personal and flight safety” (Baum, 
2001, p. 27). 

The three levels of response that should be addressed in self-defense training 
are verbal, physical, and extreme. In verbal self-defense, a person is trained in 
methods and procedures of talking to upset individuals as a way to calm them 
and move toward a peaceful resolution. This has the benefit of turning a poten- 
tially violent situation into one where no one gets hurt and may even build good 
customer relations. Someone who stays in control of his or her emotions is in 
control of an event and can better control the outcome. In their book Verbal Judo, 
George Thompson and Jerry Jenkins addressed managing upset people and dees- 
calating tense situations in a way that maintains respect for all parties. 
Thompson’s key principle is to be sincerely empathetic with the upset party; he 
noted that there are many ways to calm someone, but the underlying principle is 
that “the one hoping to do the calming must project empathy” (Jenkins and 
Thompson, 2004, p. 30). 

Jenkins and Thompson stated, “Empathy is the quality of standing in another’s 
shoes and understanding where he’s coming from: empathy absorbs tension” 
(2004, p. 64). Flight crew personnel should respect the upset individual by not 
embarrassing the individual in front of others, insulting the person, or making 
him or her feel powerless. By allowing people to say what they want as long as 
they continue to do what they are asked, crewmembers show respect while 
ensuring that a situation stays under control. Thompson and Jenkins further 
discussed the difference between “nice” people, “difficult” people, and “wimps.” 

Nice people generally do what they are asked. Difficult people do not usually 
do what they are asked the first time but will usually comply if shown the posi- 
tive benefit of compliance. Jenkins and Thompson (2004) described “wimps” as 
difficult people disguised as nice people. They may comply in front of the crew- 
member and then defy the orders once the crewmember has turned away. This 
type of behavior must be exposed and dealt with quickly. 

The physical level of self-defense deals more with a drunk or unruly passen- 
ger. This level involves contact between a crewmember and a passenger 
(or sometimes enlisting the assistance of other passengers). Physical contact does 
not warrant deadly force. A variety of holds and restraints can be used to force an 
individual to comply with directions, move from a seat or location, or defeat an 
attack. Police officers are well trained in these techniques, but crewmembers and 
passengers should not attempt them unless they have received formal training. 
Many community colleges offer programs, often taught by police officers, in 
basic grappling and hold techniques, and numerous training courses can be found 
throughout the country via the Internet. 
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The third level of self-defense is when life or the safety of the aircraft is in 
jeopardy. This level should only be used when there are no other options. 
Unfortunately, simple arguments can move quickly through a level 2 physical 
event into a level 3 life-threatening situation within seconds (Jenkins and 
Thompson, 2004). 


Violent passenger or terrorist 


Once a situation has escalated to a level requiring a violent response, then the 
reasonable use of force, lethal force, and passenger restraint must be considered. 
Passenger restraints present a serious issue considering the legalities involved in 
false imprisonment and the possibility of aircraft evacuation in an emergency. It 
is recommended that “Effective passenger restraint skills require restraint tools 
that are safe and effective, and crewmembers that are trained to apply them 
correctly” (Baum, 2001, p. 31). Before a passenger can be restrained, that person 
must be controlled. This often involves an effective hold such as an arm bar or 
wristlock. These methods are traditionally the domain of the LEO, but their 
techniques have been integrated into the training programs for airline personnel. 

A “hold” of any sort requires a level of consent on the part of the person being 
held or overwhelming force applied by the defenders. Even then, if a hold is not 
properly applied, it can easily turn to a disadvantage for the defender or perhaps 
result in an application of unnecessary force on the attacker. 

One popular form of self-defense in the United States is Krav Maga (KM). 
Developed by the Israeli Defense Force, KM is a basic form of fighting and self- 
defense that uses natural instincts to its advantage. KM is useful for women and 
men of any size. Its techniques are not difficult to master and can also be effec- 
tive against attackers with knives, sticks, and guns. One basic premise of KM is 
the use of distractions. Whenever there is a confrontation between individuals, 
there can be a great deal of confusion. KM teaches some basic verbal defense 
Skills that the defender can use to grab the initiative by temporarily distracting the 
attacker (terrorist or otherwise). 

Strategies used in security-related situations are warranted by circumstances. 
A terrorist with a gun in hand and screaming at passengers on an airplane may 
require an immediate physical response, but some training in how to verbally 
distract an attacker for the purpose of taking over the situation and initiating a 
counterattack may also be useful. However, a terrorist shooting people in an 
airport terminal requires an immediate physical response to prevent the further 
loss of life. 

In Aircrew Security, Waltrip and Williams (2004) summarized some basic 
safety practices to apply when dealing with upset passengers showing signs of 
becoming violent. Crewmembers should maintain distance from the passenger, 
keep a balanced stance, keep hands above the waist in a nonthreatening manner, 
choose a retreat path, watch the passenger’s hands, not turn away from the 
passenger if possible, and recognize when the situation is deteriorating. 
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An airline’s use-of-force policy should be clearly articulated and integrated 
into the aircrew security training program. A common law enforcement 
escalation-of-force policy progresses from presence to voice, hands, chemical 
spray, stun gun or Taser, impact weapon, and, finally, lethal force. Considering 
that chemical spray, Tasers, and impact weapons are prohibited items, an airline 
use-of-force policy may include the use of presence, voice, hands (or asking for 
help from others), makeshift weapon if the person is becoming violent, and, 
finally, force (Waltrip and Williams, 2004). Although this scale is useful for train- 
ing, it is understood that each incident is different and crewmembers may have to 
skip to higher levels of response. 

Another consideration is the reasonable application of force. Crewmembers 
and passengers must keep in mind that the vast majority of airline security inci- 
dents are not terrorist threats but the behavior of upset or intoxicated passengers. 
Section 144 of ATSA 2001 states: An individual shall not be liable for damages 
in any action brought in a Federal or State court arising out of the acts of the indi- 
vidual in attempting to thwart an act of criminal violence or piracy on an aircraft 
if that individual reasonably believed that such an act of criminal violence or 
piracy was occurring or was about to occur. 

As Waltrip and Williams (2004) pointed out, the operative term in the 
above quote is reasonable. A passenger or flight crewmember can use a 
variety of items to fight back against a hijacking attempt. Everyday travel 
items such as shoes, pens, briefcases, laptops, key rings, bottled water, 
unopened soft drink cans, hot coffee, carafes, or even a large wallet or purse 
can be used as a weapon to defend or fight back. Commercial airplanes also 
have items onboard that can be used as weapons, such as seat cushions and 
blankets (which can be used as buffers against knives), fire extinguishers, and 
first-aid kits (Holt, 2002). Fire extinguishers can also provide a temporary 
smoke screen. Megaphones and life jackets are other useful items for either 
hitting or fending off a knife attack. 

Pharmaceuticals can also be used to keep a dangerous individual subdued until 
landing, whether they are provided by passengers with prescriptions or are 
onboard for emergency use. Commercial service aircraft have first-aid kits that 
contain basic items (bandages, etc.) and some pharmaceuticals such as painkillers 
and antinausea drugs, which could be used in an emergency. When Richard Reid 
attempted to destroy an American Airlines flight in 2001, three doctors onboard 
injected him with Valium and Narcan, both sedatives, and an antihistamine in an 
attempt to subdue him (CNN, 2002).’ 

Passengers and flight crew should observe other passengers for signs of suspi- 
cious behaviors such as extreme nervousness, silently communicating, or sending 
signals to other passengers. Passengers in the cabin should also keep their seat 
belts on at all times during incidents as the pilot may elect to maneuver the 





7Reid’s attorneys later argued, unsuccessfully, that the drugs prevented Reid from understanding 
his Miranda rights. 
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aircraft so as to throw hijackers off balance. Although this is not recommended in 
most airline flight manuals, it is a strategy that pilots have used in the past 
(Barrett, 2003). 

If a hijacking begins, passengers should wait to see if an air marshal or other 
LEO takes action. Passengers jumping up in the middle of an armed response 
may be misidentified as a hijacker and shot. If it is apparent that an LEO is either 
not onboard or not going to immediately respond, anyone taking action should 
understand that the most confusing part of a hijack is at the very beginning. This 
can be used to a defender’s advantage. 

In the book On Killing, author David Grossman (1996) described posturing as 
an effective method of controlling one’s opponent. It is likely that the hijackers 
will be yelling and moving quickly at the beginning of the hijacking as a method 
of posturing, instilling fear into passengers. Defenders should also yell when 
attacking hijackers as a way to posture themselves and instill fear into the 
hijackers. 


FFDO PROGRAM 


A response to an individual attempting to gain access to the cockpit is allowing 
the flight crew to use deadly force. Originally, some airlines purchased Tasers to 
give to flight crew, but in the spirit of defending the flight deck, the Air Line 
Pilots Association (ALPA) and other pilot groups lobbied for the right to carry a 
gun in the cockpit (Sloan, 2002). The Arming Pilots Against Terrorism Act was 
incorporated into the Homeland Security Act of 2002 and passed by the US 
Congress, thus creating the FFDO Program. FFDOs are passenger and cargo 
airline pilot volunteers; they are provided a firearm and a week-long training ses- 
sion taught by the TSA. FFDOs receive training in the use of deadly force, the 
care and handling of the weapon, and some basic self-defense tactics. The juris- 
diction of the FFDOs is limited strictly to the cockpit. FFDOs are not authorized 
to use their firearms in the cabin, nor are they allowed to use them on airport 
property. Airline and air cargo operators with security programs under Part 1544 
are eligible for the FFDO program.® 

Debate regarding the FFDO Program also included concern over damage to 
aircraft from onboard gunfire, however, the risk seems to be quite minimal as 
described here: 


A Boeing Commercial Airplanes representative on May 2 told a Congressional 
subcommittee that the risk of losing an airplane from a stray bullet is “very 
slight.” Speaking at a U.S. House of Representatives Aviation Subcommittee 
hearing on whether flight crews should be allowed to carry guns aboard com- 
mercial transports, Ron Hinderberger, Boeing Commercial Airplanes director 





8Since 1960, any pilot carrying US mail had the authority to carry a firearm, a policy that withstood 
until 1987 (Lott, 2004). 
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of Aviation Safety, said the commercial service history of Boeing “contains 
cases of gunfire onboard in-service airplanes, all of which landed safely.” 
Boeing is not taking a position on the issue of whether flight crews should be 
armed. In late May, the Bush administration announced a ban on firearms in 
cockpits; some members of Congress vowed to fight to overturn the decision. 
Boeing, 2002 


Some pilots have criticized the program for the TSA’s tight restrictions on 
who is selected to be an FFDO. Bob Lambert, president of an airline pilot’s lobby 
in 2002, estimated that 40,000 pilots would volunteer for the program if the TSA 
removed the psychological screening exam requirement (Goo, 2003). However, 
Duane Woerth, president of the ALPA, agreed with the psychological exam 
because of different types of emotional responses between flying an aircraft and 
firing a weapon (Goo, 2003). Today, the program mostly suffers from a lack of 
funding and support that will allow its ranks to increase and support the existing 
cadre. The program is cost-justified as pilots are volunteers, draw no salary, and 
pay out-of-pocket expenses to be in compliance with requalification and recurrent 
training aspects. FFDOs must carry credentials while exercising FFDO duties and 
transporting firearms en route to or from assigned aircraft. 


FOREIGN AIRCRAFT OPERATIONS 


Foreign air carrier operations introduce unique challenges to the aviation security 
system. Foreign operators must adhere to US aviation security regulations. For 
airport operators, the foreign air carrier arrival area represents the US border. 
Therefore, customs, immigration, and agriculture protection agents become a part 
of the ASP, and the airport operator must provide these agencies with the proper 
facilities to secure the US border. The regulations for foreign aircraft operations 
mirror those for domestic aircraft operators and are designed to ensure that security 
procedures applied to inbound US flights meet the same standards as domestic 
operations. In certain cases, where aircraft are arriving from a location where 
screening or other security measures were not conducted to US standards, passen- 
gers and their baggage may have to be rescreened before accessing US soil. Airport 
operators may have to build additional screening areas to handle reverse screening. 


TITLE 49 CFR PART 1546 FOREIGN AIR CARRIER SECURITY 


Regulations for foreign air carriers are similar to those for domestic aircraft 
operators, but there are fewer mandated in Part 1546 Foreign Air Carrier Security 
regulations.” These do not address security coordinators, the carriage of accessible 





Part 1546 also includes screener qualifications when the foreign air carrier conducts screening and 
is materially the same as Title 49 CFR Part 1544 Subpart E. 
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weapons, the carriage of prisoners, the transportation of federal air marshals, the 
security of aircraft and aircraft facilities such as administrative offices and hang- 
ars, exclusive area agreements, conducting CHRCs, contingency plans, or security 
directives and information circulars. 

One major difference in foreign air carrier security versus domestic is that for- 
eign air carriers may not access SSI materials unless specifically authorized by 
the TSA. Foreign air carriers do not follow, nor are they allowed access to, the 
AOSSP, which is only for domestic air carriers. Foreign air carriers must adhere 
to the Model Security Program, which outlines the relevant required security 
actions and programs. 

Foreign air carriers are allowed to develop their own practices for the carriage 
of prisoners, requirements for carrying weapons in checked baggage, and protec- 
tion of aircraft and facilities. Because there is no requirement for foreign air 
carriers to have a personnel identification system, foreign air carriers operating 
within the SIDA of a US commercial service airport must undergo an airport- 
conducted CHRC and be issued approved airport access/ID media. A known dis- 
crepancy with conducting the CHRC on a foreign air carrier employee is that if 
the foreign employee has committed felonies in another country, but none in the 
United States, it is unlikely that the CHRC will prevent issuance of an airport 
access/ID badge. Individuals applying for an access/ID badge do have to supply 
other identification information such as Social Security numbers, passport identi- 
fication numbers, or resident alien identification numbers. This data may be 
checked by the TSA and other US federal law enforcement agencies, which may 
lead to the discovery of criminal activity outside the United States. 

Noteworthy is the exclusion of exclusive area agreements for foreign air 
carriers. Foreign air carriers cannot take responsibility for security in certain areas 
of an airfield or sections of an ASP. As with domestic aircraft operator security 
programs, foreign air carriers operating within the United States must allow the 
TSA to enter secure areas to make inspections, conduct tests, and copy the aircraft 
operator to establish compliance with Part 1546. 

Security programs and security requirements are the same for foreign aircraft 
operators as for domestic aircraft operators. Foreign air carrier security programs 
must be approved by the TSA and ensure that the level of security is equal to or 
greater than that for US aircraft operators serving the same airport. The program 
must be drafted in English unless otherwise specified by the TSA. The procedure 
for amending the security program is the same for foreign operators as for domes- 
tic operators. 

The requirements for screening individuals and property are similar to domes- 
tic screening requirements. Title 49 Part 1546.203 grants wide latitude to foreign 
air carriers in determining the requirements for the transportation of weapons in 
checked baggage, provided foreign air carriers ensure that checked baggage has 
been properly screened and refuse to transport any item not subjected to screen- 
ing. The regulations require a passenger to notify the foreign air carrier that he or 
she is checking a firearm but allows the foreign air carrier to determine how to 
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prepare the weapon for transport. Part 1546.203 only requires that the weapon be 
transported in an area of the plane that is inaccessible to passengers. The require- 
ments such as loaded versus unloaded, hard-sided container, locked, and so forth 
required of domestic air carriers are not required of foreign carriers by the trans- 
portation security regulations. Discretion is left to the foreign air carrier. 

With respect to air cargo, foreign aircraft operator regulations do not refer to 
an all-cargo or 12-5 cargo program. However, regulations still require the foreign 
air carrier to ensure that any cargo placed onboard a commercial aircraft carrying 
passengers has been subjected to the required screening and that cargo received in 
the United States has only been accepted from a known shipper. Additionally, 
Part 1546.213 requires that those with access to cargo undergo a security threat 
assessment (STA). Foreign air carriers can decide who is a known shipper 
based on the requirements that each determine the shipper’s validity and integrity 
as provided in the foreign air carrier’s security program, separate known 
shipper cargo from unknown shipper cargo, and ensure that cargo is screened or 
inspected. 


THREAT AND THREAT RESPONSE 


Foreign air carrier regulations do not have a section related to contingency plans 
as do US domestic aircraft operators, and foreign carriers are not required to 
increase their security posture when the DHS color-coded alert system is raised. 
All foreign air carriers are required to have their security programs approved by 
the TSA. The operation of the foreign air carrier is at the pleasure of the FAA 
and the TSA. The TSA can therefore require that foreign air carriers take certain 
increased security measures as deemed appropriate. Foreign air carriers are 
required to report to the TSA any threat to an aircraft that is either operating in 
the United States or is intending to fly to the United States. Upon receipt of a 
threat, the foreign air carrier must notify the PIC and conduct a security inspec- 
tion at the earliest opportunity. Any foreign air carrier flight within the United 
States or heading to the United States that has received a bomb threat is not 
allowed to take off unless the aircraft has been searched. Any foreign aircraft in 
flight that receives a threat must land as soon as possible, notify the appropriate 
authorities, and search the aircraft before continuing the flight. 


ADDITIONAL CONSIDERATIONS OF FOREIGN AIR CARRIER 
OPERATIONS 


Foreign air carriers have additional requirements such as providing passenger 
manifests to the US government. Foreign air carriers or domestic air carriers 
flying into, out of, and over the United States must provide passenger manifest 
lists to the TSA within 15 minutes after the departure of the flight. The TSA 
inputs the data into the Advance Passenger Information System. Carriers must 
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also provide a master crew list and crew manifest data to the TSA on the 
Customs and Border Protection (CBP) web site. The TSA reviews the data 
against the no-fly lists and known terrorists watch lists. In some cases, flights 
inbound to the United States have been diverted and a passenger taken off the 
plane by law enforcement. 


BORDER PROTECTION 


Airport operators must design and operate their federal inspection service (FIS) 
areas (customs, immigration, Department of Agriculture) to ensure that passengers 
entering the United States via air are separated from domestic flight operations 
until FIS officials can conduct the proper inspections of the passengers and their 
baggage. At the G8 conference in 2005, the United States announced the creation 
of a Smart Border of the Future, which is based on the following rationale: 


The border of the future must integrate actions abroad to screen goods and 
people prior to their arrival in sovereign U.S. territory, and inspections at the 
border and measures within the U.S. to ensure compliance with entry and 
import permits. ... Agreements with our neighbors, major trading partners, 
and private industry will allow extensive pre-screening of low-risk traffic, 
thereby allowing limited assets to focus attention on high-risk traffic. The use 
of advanced technology to track the movement of cargo and the entry and exit 
of individuals is essential to the task of managing the movement of hundreds of 
millions of individuals, conveyances, and vehicles. 

White House, 2002 


To this end, the design of FIS facilities is largely subject to the discretion and 
desires of the CPB agency. Any airport receiving flights from outside of the 
United States must have an FIS area: Passenger processing facilities are provided 
by the airport at no cost to the government and inspection services are normally 
furnished by the government at no cost to the airport. By law, airports are 
required, at airport expense, to provide adequate passenger and baggage proces- 
sing space, counters, hold rooms, office space, equipment, utilities, vehicle park- 
ing, and other facility-related support required for the FIS agencies to function 
properly (TSA, 2006). 

Through Section 233(b) of the Immigration and Nationality Act, the aircraft 
operator is responsible for the costs of the FIS facilities. This is usually through 
the collection of fees by the airport (as the owner/operator of the facility). The 
FIS facility represents the border of the United States. Although airport borders 
are well within the geographic borders of the United States and are often not as 
clearly delineated as a sea or land border, they are borders nonetheless, and 
access must conform to US laws and treaties. Design of the FIS facility is 
guided by the CBP Airport Technical Design Standards (also called the Air 
Technical Design Standards and available from the CBP division of the DHS). 
This document contains CBP requirements for the design of new or remodeled 
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airport terminal building facilities to accommodate CBP inspection of aliens and 
their luggage arriving into the United States at US ports of entry and at preclear- 
ance, preinspection, and predeparture sites outside the United States (Fig. 8.1). 
It describes the physical characteristics of an FIS area, including passenger and 
baggage flow, terminal building space use, guidance for processing arriving 
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international passengers and baggage, and administrative areas such as offices, 
inspection booths, holding cells, security requirements, X-ray systems, access 
control, and other equipment to support the monitoring, control, and operation 
of the facility. 

The primary mission of the CBP is to prevent terrorists and weapons from 
entering the United States. Efficient processing of legitimate visitors to the 
United States is also a priority, but not at the expense of the first priority. The 
FIS facility design must consider both priorities. Passengers arriving from outside 
the United States into an FIS facility first go through immigration, a series of 
counters where immigration personnel check the validity of the passengers’ travel 
documentation, review their reason for entering the United States, and then deter- 
mine the visitors’ expected duration of stay. The design of the FIS facility must 
prevent passengers from bypassing this process. 

After immigration processing is complete, passengers enter a baggage claim 
area to pick up checked baggage. Customs agents watch for individuals attempt- 
ing to bring contraband, which could include illegal weapons or drugs, into the 
United States. Agents decide who to check based on prior intelligence, profiling, 
and random checks. Department of Agriculture agents are often on hand to ensure 
that certain foods and other items are not brought into the country. On some occa- 
sions, agents of the US Fish and Wildlife Service, the Public Health Service, and 
other federal agencies may be present and conducting inspections for a variety of 
reasons, including the illegal trafficking of protected fish, wildlife, and plants, 
and to prevent the introduction, transmission, and spread of communicable 
diseases. At larger airports, Immigration and Customs Enforcement may be pres- 
ent and conducting ongoing investigations of criminal activity through the air- 
port’s borders. 

The size of an FIS facility is determined by the number of passengers 
processed at the peak hour of operation and the number of aircraft arriving during 
a set period (TSA, 2006). In some instances, airport operators may have to incor- 
porate additional TSA checkpoints into the overall design of the FIS facility to 
screen passengers and their carry-on baggage if they are arriving from an airport 
that does not meet the US standard for screening. Whether or not screening facili- 
ties are used depends on where passengers are able to go after leaving the FIS 
facility. If the facility design is such that passengers enter the sterile area of the 
airport after clearing the FIS facility, then the airport must incorporate space into 
the FIS facility for TSA screening. If the design of the facility forces all passen- 
gers into the public area, the airport will generally not have to provide for a 
screening checkpoint. 

The integrity of the FIS facility must be protected in a number of ways, 
including the use of CCTV and a computerized access control system. The CBP 
will assist in access control by applying strict standards as to who (besides pas- 
sengers) may be in the FIS facility, often requiring airport workers, such as airline 
personnel and airport operations, security, and law enforcement personnel, to 
wear additional identification. The CBP may require that the airport or aircraft 
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operator issued an access/ID badge bear a specific symbol authorizing access to 
the FIS facility. The CBP usually issues this icon after someone has passed a 
specific record check through the CBP computer systems. 


GLOBAL ENTRY 


Global Entry is a CBP program that allows expedited clearance for preapproved, 
low-risk travelers upon arrival in the United States. Participants may enter the 
United States by using automated kiosks located at select airports. At airports, 
program participants proceed to Global Entry kiosks, present their machine- 
readable passport or US permanent resident card, place their fingertips on the 
scanner for fingerprint verification, and make a customs declaration. The kiosk 
issues the traveler a transaction receipt and directs the traveler to baggage claim 
and the exit. 

Travelers must be preapproved for the Global Entry program. All applicants 
undergo a rigorous background check and interview before enrollment. The 
Global Entry program is being used by the TSA as a guide in developing their 
precheck program and Global Entry participants are eligible for precheck. 
Enrollment in Global Entry requires an online application, an interview at a US 
Customs office, and having the proper documents, such as a valid passport, 
driver’s license, and proof of residency. 


CONCLUSIONS 


This chapter examined requirements and processes that aircraft operators must 
address when managing security related to aircraft operations. Aircraft opera- 
tors work in conjunction with the federal government to implement many secu- 
rity programs, such as screening, transporting armed LEOs, or conducting 
CHRCs. 

The aviation security practitioner must be aware that standards used and 
levels of performance demonstrated by aircraft operators can vary when 
managing security processes and systems. In response to these concerns, the 
US government routinely publishes security guidelines and regulations such as 
the AOSSP and Title 49 CFR Part 1544. In addition to delineating responsibil- 
ities for managing a safety program, the AOSSP also provides standards or a 
common Strategy for airlines to respond to many forms of security threats. 
CFR Part 1544 specifies the security requirements an aircraft operator must 
follow to provide commercial operations in the United States. Supplementing 
government directives, airline security officers conduct their own inspections 
of airports to verify that the airports serviced will also meet minimum security 
standards. 
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All airlines operating within the United States must have an approved security 
program describing their facilities, equipment, and related security responsi- 
bilities. Fundamental to these programs is the responsibility of the aircraft opera- 
tor to prevent or deter the carriage of any weapon, explosive, or incendiary 
device on a person or carry-on baggage before the person or bag boards an air- 
craft or enters a sterile area. When a US air carrier is operating in another nation 
or at certain small air carrier stations within the United States, the aircraft 
operator must still ensure that all applicable measures are taken to properly 
screen individuals and carry-on baggage. All-cargo aircraft operators who carry 
passengers must ensure that only authorized passengers and their carry-on bag- 
gage are allowed to board and that they do not bring any weapons, explosives, 
incendiaries, and other destructive devices, items, or substances onboard. 

This chapter also introduced different types of approved security programs, 
such as a full security program, an all-cargo program, the 12-5 program, or a 
private charter program. All airlines operating under any of these programs must 
ensure that cargo is properly screened and inspected to prevent or deter the 
carriage of unauthorized persons, unauthorized explosives, incendiaries, and other 
destructive substances or items in cargo onboard an aircraft. 

Aviation security practitioners must understand the organizational matrix of 
personnel involved in aircraft operations. Therefore, this chapter examined and 
compared the roles of various security personnel such as GSCs and LEOs. Of 
importance are the ASCs serving as the primary contact for their airline to the 
TSA. ASCs also coordinate the transportation of LEOs and their prisoners. These 
types of activities are managed under regulatory procedures and can have a signif- 
icant effect on aircraft operations. How these and other personnel manage ground 
security in boundaries such as exclusive areas or SIDAs was also described. 

Aircraft operators must also consider the security implications related to 
other threats, such as disgruntled employees, baggage and cargo theft, abuse of 
employee flying privileges, assault from passengers, and breaches in computer 
information security. Strategies for managing these and other threats usually 
include training programs. These programs include topics such as learning the 
psychology of aggressive behavior (eg, air rage), self-defense techniques, and 
processes for handling secret or sensitive information. Not only are airline secu- 
rity personnel concerned with the safety of passengers during flight, but they 
are also concerned for the safety of their flight crews both onboard and while 
staying in cities around the globe. Aviation security practitioners should remem- 
ber that upset or intoxicated passengers cause the majority of airline security 
incidents. 

Conducting aircraft operations by or within other nations creates higher levels 
of complexity in managing aviation security. For example, customs and immigra- 
tion agents become a part of the security program used by each airline that is 
operating internationally. Regulations for foreign aircraft operations within the 
United States ensure that security procedures applied to inbound US flights meet 
the same security standards as domestic aircraft operations. 
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AIRCREW PROTECTION WHILE ON TRAVEL 


James Hiromasa 
Force Training Specialist, Colorado Krav Maga 


Why is it that SWAT never loses? .... because SWAT teams use overwhelming force! Tactics, 
Tools, and Training (the 3 Ts of SWAT) play a role for sure, but a tremendous majority of 
altercations are brought to a successful close because the SWAT officer brought a lot of 
colleagues to help. Any person in a position of authority who finds themselves in a physical 
altercation, or about to be in one and in need of self-defense, must be prepared to take charge and 
recruit others to help take-down an attacker. 

The idea that self-defense consists of sets of learned techniques and movements (tools and 
tactics) is a pervasive misconception. While technique and tactics can help, training plays the 
biggest role in successfully defending yourself when attacked. The problem is that not many 
people have the time, drive, or desire to devote the amount of time needed to make the training 
useful. Attending a | day “self-defense training” seminar where people are shown a few dozen 
moves and techniques is, for all practical purposes, useless. Not that the techniques themselves are 
useless, but learning them in a vacuum without applying them repeatedly in multiple scenarios 
under stress render them mostly unusable in times of extreme stress. Regular, scenario-based 
training and stress inoculation is a requirement for adequate training. 

When we discuss altercations on an aircraft, bus, or a similar confined and populated 
environment, the idea of self-defense is no longer a personal decision. The differences between a 
Flight Attendant defending themselves against a mugger in the street (personal protection) and 
having to confront physical violence on an aircraft (public safety) in an official capacity can 
summed up into these three areas: 


1. A mind-shift must occur by the Crew member first confronted or doing the confronting. The 
mentality should no longer be “self-defense.” On an aircraft the goal is to now hold a position 
and defend the safety of others. 

2. A shift in tactics must also occur. How one would defend oneself effectively on an aircraft is 
not necessarily the best tactic to hold position or protect others. 

3. The limited and confined space of an aircraft is challenging when talking about traditional 
self-defense tactics and techniques—even to the well trained and seasoned. 


Just as is true with SWAT teams, so it goes for any group of people. Having allies is a great 
advantage! A Crew member must not only look to their fellow crew for help and backup, but 
must also look to the passengers who are more likely to be nearest the altercation. But, in a world 
where people would rather record an altercation over getting involved, what is needed is an 
authority figure with command presence. 

In an emergency lives can be saved or lost based on how passengers listen to authority. In a 
potentially violent altercation, that authority can spur passengers into action. Post-911, we think it 
is safe to say that once an obvious problem arises that puts the plane in imminent danger, 
passengers will rise up. We have seen it dozens of times already with mostly mentally disturbed 
or under the influence individuals. But there are cases that look more like real problems, like the 
attempted hijacking of a Chinese Aircraft in June of 2012, United 1074 DC to Denver in March 
of 2015, or the Lufthansa flight on its way to Belgrade in December 2015. In these cases, 
passengers took decisive action. However, the problems may not always be so evident and could 
get quickly out of hand if not caught early. Therefore, a decent amount of training should be 
focused on how and when to get passengers involved and on what level. 

When we train groups, agencies, and even individuals on how to deal with active threats to 
public safety, start by showing them how they already know how to identify threats based on 
body language and baseline behaviors. Crews see so many passengers every day that whether they 
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realize it or not, they have a solid body language reading ability because of the number of 
“baseline” readings they see every day. Working with, trusting, and allowing for that kind of sixth 
sense input is invaluable. Once a potential red flag is raised, the crew member can pass that info 
on to other crew members and also begin to identify people around the vicinity that might be of 
help if a situation arises. Make eye contact with the potential allies and find reasons to engage 
with them verbally. It could be completely harmless small talk or banter, but by creating a 
personal bond with them, it will be easier to command decisiveness from them in an emergency. 

In the case of threats or unruly situations that have not fully developed into a physical 
confrontation yet, de-escalating with command presence is the best case scenario. But aside from 
trying to “talk someone down,” you can also use your authority, and your new found allies, as a 
quiet show of force. For instance, if confronted with an aggressive passenger, make eye contact 
and use nonverbal cues with people that can help if needed, and then, if it escalates, command 
(not ask) them to stand and not let him/her pass, with the goal being essentially to “box” them in. 
For most people with even a shred of conscious thought left, the reality of having three to four 
people deep to get past will look too bleak to continue down this path and they may become more 
agreeable to de-escalation tactics. 

For more developed threats, even in an emergency, people may hesitate. Many of them will 
not spur to action unless someone else does first, even if someone else is in grave danger. Absent 
a leader, people that could do something often do not. . .the “Bystander Effect” is alive and well. 
A prime example of this is the July 4, 2015 stabbing murder of Kevin Sutherland on a DC Metro 
Train car by a single assailant with 12 bystanders. To combat this, we train people to give direct 
commands to specific individuals as opposed to simply asking for help. An example of how to do 
this might be eye contact or pointing to someone and saying “YOU, I need you to grab this guy’s 
arms NOW” instead of “Someone help me.” If you have prepared people to help you by 
acknowledging them and creating a rapport beforehand, you can almost certainly expect 
immediate and direct responses to your commands. The difference of a few seconds of hesitation 
may not seem like much, but in the world of violence, seconds can be a lifetime. . literally. You 
can lose an advantage in a fraction of a second. 

If a situation is escalating you will need to start thinking about real action. Take a position of 
advantage and maintain a reactionary gap (enough space between you to give you time to react to 
a sudden movement). Try not to give ground to a slowly advancing aggressor unless you are 
doing it very tactically. Giving ground can cause them to press harder and faster. If you give 
ground, do so in conjunction with loud verbal commands. Tap passengers on the shoulder intently 
as you pass them and try to make brief eye contact as you do so. This is a universal nonverbal 
signal that you need their help. If you decide you need to make a stand and give no more ground, 
try to choose a section and row with no children in it and populated by seemingly able bodied 
people. If the situation erupts, then you at least have some help ready to go. 

When it erupts, people will mostly do one of three things; scramble out of the way, compress 
against the windows to be as far from the problem as possible, or help. Any of those three are ok for 
one reason or another, as long as they do not hinder you and your newfound team. At this point, 
unlike personal self-defense situations; your goal is to immediately take away the aggressor’s 
mobility. Achieve this by controlling BOTH of their legs, preferably from behind but any direction 
will do. Once you have controlled the legs, there is far less leverage the attacker can use for strength 
and striking. Of course whoever is controlling the legs will be quite vulnerable until someone is also 
controlling the upper body; preferably the arms and head. This is where the command presence skills 
are vital. If you are the “contacting” authority and it escalates, you are most likely going to be 
involved with the upper body. Command someone to “wrap up” or “control” their legs. Realistically 
in a confined space, you can really only have three, maybe four people at most trying to control one 
person before help becomes a hindrance, so be quick and concise. 

If you are not already there, moving the aggressor sideways into a row of seats or down to the 
floor is the ideal way to begin attaining control. Often times someone that is fighting control 
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tends to instinctively press backward just as people trying to gain control press forward. With 
allies in front and behind, you could all end up pressing against each other, inadvertently keeping 
the aggressor upright. Commanding people to push into a row of seats might be easier than 
forward or backward. Whichever direction, the idea is get the aggressor to a prone position with 
weight on top of them. The key to success in any case is to continuously be barking out specific 
direct commands. 

Always be prepared to deliver strikes as well, not just hold on to someone, to buy yourself 
time for help to arrive. It also clearly escalates the urgency of the situation in the bystander’s 
minds. Short stroke strikes like knee strikes and elbow strikes will be the most effective in close 
range. The violent, but absolute truth, is that the easiest person to control is an unconscious one. 

If restraints are needed (and they will be if a fight just concluded), be sure to secure not just 
the hands, but the ankles as well. You can secure the ankles to the underneath of the seat with a 
backward bend in the legs. We use zip ties as restraint devices if actual flex-cuffs are not 
available. Restrain the elbows to the seat arms as well to minimize arm movement and discourage 
attempts to break free of restraints. For more violent offenders, put a restraint loosely around the 
neck and around the seat back. That will keep them from banging their upper body forward and 
backward in the seat. 


The key to all of this lies in training. Training trumps tactics and techniques. Scenario training 
trumps it all. One day of well-planned scenario training can do more good than months of theory 
on the mat. 
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General aviation and 
unmanned aerial 
vehicle security 


OBJECTIVES 


This chapter examines potential security threats to general aviation (GA) airports 
and flight operations. Strategies for protecting GA airports and aircraft are pro- 
vided and an overview of changes in aviation security that affected GA operations 
after 9/11. You will learn about challenges to developing and implementing secu- 
rity regulations for GA airports. Security strategies used by the Transportation 
Security Administration (TSA) and various GA airport and aircraft operators, 
along with the rapid development of Unmanned Aerial Vehicles (UAVs) and their 
security ramifications, are discussed. 


INTRODUCTION 


Since 9/11, the GA community has struggled to help the public understand the 
nature of GA. These efforts have focused on greater public understanding for how 
GA benefits the US economy and communicating ways to prevent onerous legis- 
lation that may cause irreparable damage to the industry. The theft and illegal use 
of GA aircraft predate 9/11. GA aircraft have long been used as platforms to 
smuggle narcotics and weapons and for human trafficking operations. There have 
been several incidents that have called GA security into question, including: 


1. GA aircraft have long been used in illegal drug smuggling operations; 
ultralight aircraft, which fly low enough to avoid radar and are very difficult 
to detect, are a recent addition to the smugglers tool kit. 

2. In 1993, the Federal Bureau of Investigation (FBI) indicated that Osama bin 
Laden assessed the possibility of using an agricultural aircraft to spread a 
chemical agent on a ground target. 

3. In 1994, part of Operation Bojinka included a plan to crash a Cessna small 
aircraft filled with explosives into the headquarters of the Central 
Intelligence Agency (CIA). 

4. Also in 1994, an individual crashed a Cessna 150 light training aircraft into 
the White House. 
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5. 


6. 


7. 


In 1998, author James Canton presented research to the FBI on a hypothetical 
attack on the National Mall using a GA aircraft to spread anthrax. 

The 9/11 hijackers trained at US flight schools on GA aircraft and had used GA 
aircraft to scout out the New York City airspace in preparation for the attacks. 
In 2002, a teenager crashed a Cessna 172 into the Bank of America building 
in Tampa, FL. 


. According to the FBI (Government Accountability Office, 2004), terrorists 


have assessed the feasibility of using GA aircraft as a possible medium for 
attacks; in a CIA report to Congress, the agency director suggested that bin 
Laden had assessed whether to use GA aircraft to carry out the 9/11 attacks, 
but instead went with commercial airplanes, suggesting the terrorists 
exercised a deliberative process of weighing the pros and cons of using GA 
(DHS OIG, 2009, p. 12). 


» In 2005, an individual crashed an ultralight into the German Parliament 


building in an apparent suicide. 


. In 2005, there were two embarrassing moments for the GA industry that 


included inebriated pilots stealing planes they had access to fly to go joyriding. 


. In 2010, an individual flew his own small aircraft into the local offices of 


the Internal Revenue Service in Austin, TX. 


. In 2011, the so-called “Barefoot Bandit” stole several GA aircraft and led 


US law enforcement officers (LEOs) on a chase across the country. The 
individual did not have a pilot certificate and taught himself to fly using a 
home-based computer flight simulator. 


. On April 15, 2015, a man landed his ultralight on the lawn of the US 


Capitol. The man announced his intentions to his hometown newspaper as 
part of a publicity stunt to encourage campaign finance reform. North 
American Aerospace Defense Command (NORAD) and the Federal Aviation 
Administration (FAA) noted that the craft was not spotted on radar, but the 
pilot sent a tweet to one of the authors of this text, noting that the FAA told 
him he was being tracked on radar. While an ultralight aircraft is incapable 
of doing significant damage to a building, it may present a threat in its 
ability to fly over security personnel and perimeter fences. It is unlikely, 
however, that authorities would order law enforcement personnel to open fire 
on an individual, unless a threat was perceived, because shooting bullets and 
missiles into the air over the Mall in Washington, DC, could end up causing 
more harm than allowing the craft to land. 


. On the 10th anniversary of the 9/11 attacks, the Department of Homeland 


Security (DHS) issued an alert for the possible use of a GA aircraft in an 
attack on the United States, which brought the whole issue of GA security to 
the forefront of the public’s mind. 


. Adding to all this are continuing stated beliefs on the part of security 


officials warning that since many of the holes in commercial security have 
been fixed, terrorists will look to other means of attack such as GA and 
air cargo. 
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16. In September 15, 2013, a Parrot AR drone, a small quadrocopter flew within 
feet of German Chancellor Angela Merkel and German Defense Minister 
Thomas de Maiziere. The drone hovered briefly in front of them before 
crashing into the stage at their feet. While the Chancellor and Minister seemed 
amused by the “drone attack,” others saw the clear security risk had the drone 
been carrying an improvised explosive device (IED) (Gallagher, 2013).' 

17. The television show, Airplane Repo, repeatedly shows how easy it is to 
acquire a private aircraft, if one has the knowledge of how to fly it. In 
August, 2015, a woman attempted to start a corporate airplane at the 
St. Louis Downtown Airport when she was let onto the field by a security 
officer who thought he saw a vehicle pass on her windshield (Currier, 2015). 

18. In 2015, an individual posted a clip to YouTube showing a drone firing a 
pistol, which drew the attention of authorities but also demonstrated that the 
new devices can be easily weaponized (Associated Press, 2015). 


GA provides vital services to the United States and greatly enhances the US 
economy. GA accounts for some 77% of all flights in the United States. With 
more than 200,000 aircraft, 650,000 pilots, and 19,000 airports and landing strips, 
the GA industry provides jobs and opportunities for thousands of people. One 
estimate put the value of GA at 1% of the US gross domestic product. 

GA flights account for more passengers and hours flown than commercial ser- 
vice operations. Approximately 24% of all GA flights are conducted for business 
or corporate use (GAO, 2004); nearly two-thirds of all business flights carry pas- 
sengers in midlevel management positions, sales representatives, and project 
teams for major corporations. GA accounts for three-quarters of all takeoffs and 
landings in the United States, contributes about $100 billion to the US economy, 
and has about 1.3 million jobs (GAO, 2004). These estimates do not include mul- 
tipliers, such as the number of jobs created by the hotel, rental car, restaurant, and 
tourist industries as a result of a GA airport in a community. 

The creation of GA security policies is important to protect these interests.” 
Many career airline, corporate, and military pilots were first inspired by an air- 
show or by visiting a GA airport, and then eventually conducting their flight 
training at a GA airport. The United States has one of the most robust GA indus- 
tries in the world and members of the aviation community have looked to protect 
that industry since 9/11. 

GA provides essential transportation services to a community, including: 


—_ 


. Relieving commercial service airports of GA traffic. 
2. Providing air cargo and US mail services. 
3. Providing essential medical transportation flights. 





‘https://www.youtube.com/watch?v =h6EEsP93AZ4. 

In 2008, the FAA lifted the age 60 rule to address the upcoming shortage of airline pilots. Future 
airline pilots train in GA aircraft, so any negative impact to the GA’s flight community may inad- 
vertently impact flight training, which is essential to filling tomorrow’s airline pilot ranks. 
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4. Providing a location for numerous businesses to operate, employing local 
citizens, and providing revenue streams into a city or county. 

5. Providing a location for flight training services. 

6. Allowing safe, secure, and essential corporate and business flight operations. 


The domain and mission of GA is often misunderstood by the public, policy 
makers, and regulators. GA consists of any flight operation that is not commercial 
service or military. These operations include flight training, personal or recreational 
flights, business aircraft operations, experimental aircraft, glider operations, sky div- 
ing, and other forms of flight operations. The FAA also has yet to define a category 
of operation for remotely piloted vehicles (RPVs) or UAVs, so for the purposes of 
this chapter, we will consider them to be GA operations as well. There is also debate 
within the industry as to which acronym is more viable—RPV or UAV. For our pur- 
poses, we have selected to use RPV. This chapter will also address helicopter secu- 
rity. While there are commercial and even scheduled helicopter flight operations, 
these are normally operated under Title 14 CFR Part 135 Air Taxi or Air Charter 
Operations and the majority of helicopter operations are flown as GA flights. 


SECURING GA 


Securing GA is challenging considering the magnitude and nature of GA opera- 
tions. There are approximately 450 commercial service airports in the United 
States and more than 5000 GA airports, plus an additional 14,000 private airstrips 
(also categorized as GA operations). Those 14,000 airports are not regulated by 
the FAA or the TSA. 

In 2009, reporters from a Houston TV station aired a segment highlighting how 
they were able to access a GA airport without being interdicted and had access to 
aircraft. The news story resulted in an investigation by the DHS Office of the 
Inspector General, which concluded that the allegations were not compelling and, 
while the reporters were able to access the airport, they were unaware of aircraft 
locking, grounding, and closed-caption television (CCTV) layers of security that 
would have made it difficult to actually take the aircraft (DHS OIG, 2009, p. 4). 
The report stated that GA presents only limited and mostly hypothetical threats to 
aviation security, but also noted that the potential for a terrorist group to use GA 
aircraft to conduct an attack remains a possibility that cannot be ignored. 

Most GA aircraft are too light to be used as a platform for conventional explo- 
sives and heightened vigilance by GA airport and aircraft operators would make 
it difficult for someone to load the necessary quantity of explosives without detec- 
tion. A 1300-lb bomb, like what was used against the World Trade Center in 
1993, would likely exceed the payload capacity of most light aircraft. The benefit 
GA aircraft do have over a truck bomb or ground-based attack is the ability to fly 
over most physical barriers and access points, so smaller scale attacks into sensi- 
tive, but heavily guarded (from the ground) facilities is a possibility. 


Securing GA 


The potential exists for light aircraft to be used as a delivery platform for 
chemical, biological, radiological, and nuclear (CBRN) forms of weapons. GA 
aircraft are capable of slow flight at relatively low altitudes above densely popu- 
lated areas and large congregations of people on the ground (Elias, 2009, p. 14). 
Their slow speed and the ease at which doors and windows on nonpressurized 
airplanes and helicopters can be operated in flight may actually pose a greater 
threat from CBRN attacks. Agricultural aircraft used for spraying crops with pes- 
ticides and fertilizers pose a unique threat as a platform for a biological or chemi- 
cal attack because they are specifically designed for aerial dispersal and could be 
exploited by terrorists for this specific purpose (Elias, 2009, p. 14). However, 
many chemical agents must be released in large concentrations to have a signifi- 
cant impact, and some, such as cyanide, may only be effective if released in an 
enclosed area. The effectiveness of other weapons, such as mustard gas and nerve 
agents, may be effective in open-air dispersal but the limited payload capacity of 
most light GA aircraft could limit that effectiveness (Elias, 2009, p. 14). Even in 
a crowded stadium a rapid response to an attack by the medical community could 
limit the effectiveness of the attack, but it would likely still cause fear, panic, pos- 
sibly thousands of injuries, and hundreds of deaths (Elias, 2009, p. 14). 

The threat of a radiological or nuclear release by a light GA aircraft is tem- 
pered somewhat by the fact that other means of attack (eg, a suitcase, a car) are 
just as effective as aircraft in delivering such a device to a target site. A report 
prepared for the Aircraft Owners and Pilots Association (AOPA) by a nuclear 
safety consultant noted that the threat to a reactor from a small GA aircraft is 
practically nonexistent (Elias, 2009, p. 14). 

Three primary issues should be considered when addressing security of GA 
airports and aircraft. First, what is the threat to GA airports and aircraft; second, 
what is the threat to the public or infrastructure from GA aircraft; and third, what 
security measures should be required or recommended to prevent both of the 
aforementioned threats from occurring? The GA community also considers the 
possibility of legislation that could economically imperil GA flight operations as 
a threat to the viability of industry and the safety of the public. 

Key threats include: 


1. The misuse or theft of a GA aircraft, either as a weapon of mass destruction 
(WMD), a delivery platform for an IED, or a CBRN element, flown into 
another aircraft in an intentional midair collision. 

2. Small aircraft (below 12,500 Ibs) may represent a threat from their ability to 
carry explosive elements, or CBRN, to a target such as an open-air stadium; 
explosives could be combined with a chemical agent, such as chlorine, 
multiplying the casualties. 

3. A large business aircraft could be hijacked and used as a WMD but arguments 
exist as to the effectiveness of such an attack based on aircraft fuel capacities 
and kinetic energy of the aircraft, as compared to the larger scheduled-service 
aircraft fleet. 
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4. The use of a GA aircraft for elicit activities such as drug, weapon, or human 
smuggling. 

5. Theft or sabotage of a GA aircraft, theft of aircraft rescue and firefighting 
equipment or fuel trucks, or sabotage or damage to a GA airport. 


In addition to these primary threats, there are secondary threats and uses of 
GA, such as a helicopter being used to coordinate a ground attack or as an obser- 
vation platform to survey a potential target. Helicopters have also been hijacked 
with the intent to use them for prison escapes or kidnapping executives on a 
corporate helicopter. 

The biggest challenge in preventing attacks either on or with GA aircraft is 
that GA operations are vastly different than flight operations at a commercial ser- 
vice airport. Therefore, GA operations cannot usually be secured with the same 
strategies and processes as used at commercial service airports. While there are 
some similarities between a GA private or charter operation and a scheduled- 
service operation (ie, passengers board a flight, bags are carried on board), 
security processes that are effective in one setting may be ineffective and even 
inappropriate in another. One notable difference is that in a scheduled-service 
operation most of the passengers do not know the pilot personally. In a GA pri- 
vate flight operation, many times the pilot is the employee of the passenger(s). To 
require passengers on a GA flight to be screened essentially puts the pilot in 
charge of screening his or her employer before being allowed onto an aircraft that 
is owned by that individual. However, in the case of an aircraft charter it would 
be more reasonable to accept that the passengers should be screened, as the flight 
operation does bear significant similarities to a scheduled-service operation. 
These are just a few examples of where a “blanket approach” to aviation security 
practices would most likely not work in GA. 

Operational policies and management philosophies between commercial ser- 
vice airports and GA airports frequently vary. Therefore, commercial airport secu- 
rity measures are typically not effective when applied in GA settings. Many GA 
tenants do not see the need for the complexity or expense associated with com- 
mercial airport security systems. Additionally, a commercial airport is designed to 
move passengers from land-based transportation, to air-based transportation, and 
back to land-based. A GA airport is more akin to a service center than as a hub 
for transferring passengers. Privately owned fixed-base operators (FBOs) provide 
fuel and maintenance services for aircraft and are many times the only “terminal” 
building on the airfield. Many GA airports have small to very little staff and the 
vast majority of GA airport managers do not have experience or training in airport 
security, since none are required to undergo the airport security coordinator 
(ASC) training that is required at a commercial service airport. 

Barriers to improving security measures within the GA system are amplified 
in that the public has traditionally assumed that risks or threats to GA operations 
can be entirely eliminated through legislation and regulations. Legislative or 
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regulatory actions alone are not able to completely ensure security at any airport, 
regardless of the category of operation. For example, a GA owner flying his or 
her personal aircraft into a building is an action outside of the traditional airport’s 
security system to detect or mitigate. 

Whether threats to or associated with GA constitute viable concerns to 
national security remains unclear. Hundreds of thousands of GA aircraft opera- 
tions are conducted every year, the vast majority of which pose little or no threat. 

Although commercial service airports operate under CFR Title 49 Part 1542, 
GA airports do not have a counterpart regulation. GA aircraft operations are regu- 
lated under Title 49 CFR Part 1550 for those aircraft operators conducting charter 
operations with aircraft in excess of 12,500 lbs maximum gross takeoff weight 
(MGTW) or aircraft operators whose passengers deplane into a sterile area. There 
are also GA operations at commercial service airports. About 300 out of the 5000 
GA airports in the United States are classified as GA but periodically host some 
commercial service operations, often for a few days a week or during certain sea- 
sons. Where GA operations occur on regulated commercial service airports, the 
tenants are required to adhere to both Part 1542 and the airport security program 
(ASP). In 2008, the TSA began working on the Large Aircraft Security Program 
(LASP), which would have regulated GA airports similarly to small commercial 
service airports. However, negative industry response was so overwhelming 
(nearly 10,000 comments to the notice of proposed rulemaking) that the TSA 
withdrew their initial proposal and began writing a new LASP, this time with 
industry input as part of the process. The new LASP places more focus on the air- 
craft operator as the responsible party for aircraft security and less on the airport 
operator. This change in policy reflects the operational realities and differences 
between commercial service and GA airports. 

GA airport operators should pay attention to rulemaking that impacts their 
GA operators, not just from a security perspective but also from an economic 
perspective. When the private charter rule was implemented, some GA airports 
saw their large aircraft operations shift to nearby commercial service airports 
where screening equipment and personnel were located. This migration reduced 
fuel revenue at those GA airports, normally a major source of a GA airport’s 
revenue stream. 


HOW 9/11 CHANGED GA 


The Aviation and Transportation Security Act of 2001 (ATSA 2001) and several 
other security measures aimed at restricting GA operations were implemented 
after 9/11. These regulations cover a variety of GA security concerns including 
security regulations addressing public and private charter flights, airspace restric- 
tions, and new rules for flight training operations (Title 49 CFR Part 1552). 
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PILOTS 


A significant change to aviation (GA and commercial) affecting pilots was the 
change in document format to the long-standing pilot certificate. Before 9/11, pilot 
certificates (commonly and erroneously called “licenses”) were simple in design 
and fairly easy to duplicate. Initially, the FAA discussed switching to a pilot certifi- 
cate that included the pilot’s photograph, but the AOPA objected on the grounds 
that there was a simpler and less costly alternative—to require all pilots to have 
both the pilot certificate and a government-issued photo ID while flying. Title 14 
CFR Part 61.3(a)(1) already required the pilot in command (PIC) or flight crew- 
member to have a valid flight certificate in their possession when operating an air- 
craft. Government-issued photo ID must now be in the pilot’s possession (Title 14 
CFR Part 61.3(a)(2)(i—vi)). The FAA also issued redesigned pilot certificates, 
which are difficult to forge (Fig. 9.1). When a pilot applies for a medical certificate 
or any new flight rating or certificate, the TSA checks the applicant against the 
no-fly and selectee lists, and possibly other terrorists watch lists. 

The Intelligence Reform and Terrorism Prevention Act passed in 2004 called on 
the FAA to create regulations that would require a photo on the airman certificate—a 
measure heavily opposed in the pilot community. After several years of rulemaking 
and debate, the FAA dropped the requirement in January 2016 (FAA, 2016). 


AIRSPACE 


Since 9/11, the US government has maintained that an efficient way to protect 
lives and facilities where large numbers of people gather is to restrict flight in the 
airspace around those venues. In addition to these temporary flight restrictions 
(TFRs), several areas within the United States are permanently restricted in the 
interest of national security. The 9/11 attacks significantly expanded these restric- 
tions. Airspace restrictions primarily fall under the following five categories: 


1. The air defense identification zone (ADIZ) extends from the surface to 
18,000 ft. A contiguous ADIZ surrounds the entire United States. For an 
aircraft to enter an ADIZ, either an instrument flight rules (IFR) flight plan or 
a defense visual flight rules (DVFR) flight plan is required. ADIZs are 
established over other areas such as military bases and centers of government 
(eg, Washington, DC). VFR traffic entering an ADIZ must have permission 
from an air traffic control center. 

2. A flight restriction zone extends in a circle around the Washington Monument. 
Entry is authorized only to those who have received a waiver from the TSA. 

3. Prohibited airspace is continuously off limits. P-56, the prohibited area above 
the US White House, extends from the ground to 18,000 ft. P-40 is the 
designation for the prohibited airspace above Camp David. 

4. Restricted airspace is more flexible than prohibited airspace. Restricted 
airspace can be entered with permission of air traffic control. There is a large 
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FIGURE 9.1 
Sample of (A) pre- and (B) post-9/11 pilot certificate. 


area of restricted airspace surrounding Camp David, MD, which becomes 
prohibited airspace when the US president is staying there. 

5. TFRs are areas temporarily designated as restricted or prohibited airspace. 
These are frequently established for special activities such as sporting events 
or when the president flies into a city outside of Washington, DC. There are 
TFRs over Disneyland in California and Walt Disney World in Florida, 

US power plants, various air shows, and other activities. 
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Other special-use airspace also exists and must be observed by GA pilots. 
National security areas, military operations areas, and military training routes are 
areas of special-use airspace, which may be generally accessed by VFR traffic. 

Operations in the Washington, DC, ADIZ (and other areas of restricted airspace) 
fall under Special Federal Aviation Regulations. The establishment of TFRs and the 
expanded ADIZ over Washington, DC, resulted in numerous violations as GA pilots 
on VFR flights wandered into restricted or prohibited airspace. The AOPA and 
other GA groups have been strong opponents of unnecessary TFRs, although the 
AOPA remains a strong supporter of sound GA security measures. 


TEMPORARY FLIGHT RESTRICTIONS 


Airspace restrictions are one strategy that the government uses to protect facilities 
and congested populations during special events. The issuance of TFRs has 
become a confusing issue for the GA community and has resulted in thousands of 
unintentional violations. The FAA has a web site where pilots can find informa- 
tion on TFRs, but it is still difficult for pilots to stay current with new and chang- 
ing TFRs (Fig. 9.2). 

As of December 2006, there were 6658 TFR violations since 9/11. More than 
1600 were within TFRs over locations where the US president was traveling, 
more than 3000 were related to Washington, DC, security breaches, and 2600 
were related to pilots inadvertently flying into the Washington, DC, ADIZ 
(Trautvetter, 2006). In many cases, the aircraft in violation had to be intercepted 
by a US military or Customs and Border Protection aircraft. To date, no infraction 
has resulted in a civilian aircraft being shot down. Part of the reason there are so 
many airspace violations is that pilots often misinterpret or do not understand 
when a TFR has been issued, or the flight requirements associated with the TFR. 
Another problem contributing to airspace violation is that prior to 9/11, pilots 
were used to restrictions being designated on navigational charts—TFRs were 
extremely rare. Pilots must now diligently read each applicable NOTAM (notice 
to airmen) and check additional information online to ensure that he or she has all 
of the information essential for the flight, including TFRs, which are temporal in 
nature. The FAA recently started a Washington, DC, ADIZ and TFR training 
information in an attempt to reduce the number of violations (see http://www.faa. 
gov/pilots/safety/notams_tfr/media/tfrweb.pdf). 

One notable airspace violation occurred on May 11, 2005, when two pilots in 
a Cessna 172 strayed into the ADIZ over Washington, DC. The aircraft flew 
within three miles of the US White House, prompting officials to evacuate several 
government buildings. For 8 minutes the alert level at the White House was raised 
to red. A Blackhawk helicopter and two F-16s escorted the aircraft to landing, 
and the pilots were taken into custody (CNN, 2005). 
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000 NOTAM Text 





FDC 8/1522 ZDV PART 1| OF 5 CO.. FLIGHT RESTRICTIONS. DENVER, CO, AUGUST 25-28, 2008 
LOCAL. THIS NOTAM REPLACES NOTAM 8/1191 DUE TO ADDITION OF PROCEDURES FOR 
CENTENNIAL AIRPORT, CO (KAPA). PURSUANT TO 49 USC 40103(B), THE FEDERAL AVIATION 
ADMINISTRATION (FAA) CLASSIFIES THE AIRSPACE DEFINED IN THIS NOTAM AS 'NATIONAL 
DEFENSE AIRSPACE’. ANY PERSON WHO KNOWINGLY OR WILLFULLY VIOLATES THE RULES 
CONCERNING OPERATIONS IN THIS AIRSPACE MAY BE SUBJECT TO CERTAIN CRIMINAL 
PENALTIES UNDER 49 USC 46307. PLOTS WHO DO NOT ADHERE TO THE FOLLOWING 
PROCEDURES MAY BE INTERCEPTED, DETAINED AND INTERVIEWED BY LAW 
ENFORCEMENT/USSS/SECURITY PERSONNEL. PURSUANT TO TITLE 14 CFR SECTION 99.7, 
SPECIAL SECURITY INSTRUCTIONS, ALL AIRCRAFT FLIGHT OPERATIONS ARE PROHIBITED 
WITHIN A 10 NMR OF 394456N/1050024W OR THE BJC137011.6 UP TO BUT NOT INCLUDING 
18000 FT MSL. THE AIRSPACE EAST AND SOUTH OF A LINE FROM 393705N/1045230W TO 
394107N/1045238W TO 394105N/1044830W UP TO AND INCLUDING 8000 FT MSL IS EXCLUDED 
FOR IFR ARRIVALS AND DEPARTURES ONLY TO/FROM CENTENNIAL AIRPORT, CO (KAPA). 
FFECTIVE 0808252000 UTC (1400 LOCAL 08/25/08) UNTIL 0808260500 UTC (2300 LOCAL 08/25/08), 
0808262000 UTC (1400 LOCAL 08/26/08) UNTIL 0808270500 UTC (2300 LOCAL 08/26/08), 0808272000 
UTC (1400 LOCAL 08/27/08) UNTIL 0808280500 UTC END PART 1 OF 5 FDC 8/1522 ZDV PART 2 OF 
5 CO.. FLIGHT RESTRICTIONS. DENVER, CO, (2300 LOCAL 08/27/08), AND 0808282200 UTC (1600 
LOCAL 08/28/08) UNTIL 0808290500 UTC (2300 LOCAL 08/28/08). WITHIN A 30 NMR OF 
394456N/1050024W OR THE BJC137011.6 UP TO BUT NOT INCLUDING 18000 FT MSL EFFECTIVE 
0808252000 UTC (1400 LOCAL 08/25/08) UNTIL 0808260500 UTC (2300 LOCAL 08/25/08), 0808262000 
UTC (1400 LOCAL 08/26/08) UNTIL 0808270500 UTC (2300 LOCAL 08/26/08), 0808272000 UTC (1400 
LOCAL 08/27/08) UNTIL 0808280500 UTC (2300 LOCAL 08/27/08), AND 0808282200 UTC (1600 
LOCAL 08/28/08) UNTIL 0808290500 UTC (2300 LOCAL 08/28/08). EXCEPT AS SPECIFIED BELOW 
AND/OR UNLESS AUTHORIZED BY THE AIR TRAFFIC SECURITY COORDINATOR VIA THE 
DOMESTIC EVENTS NETWORK (DEN): A. ALL AIRCRAFT OPERATIONS WITHIN THE 10 NMR 
AREA(S) LISTED ABOVE, KNOWN AS THE INNER CORE(S), ARE PROHIBITED EXCEPT FOR: 
APPROVED LAW ENFORCEMENT, MILITARY AIRCRAFT DIRECTLY SUPPORTING THE UNITED 
STATES SECRET SERVICE (USSS) AND THE OFFICE OF THE PRESIDENT OF THE UNITED 
STATES, APPROVED AIR AMBULANCE FLIGHTS, AND REGULARLY SCHEDULED END PART 2 
OF 5 FDC 8/1522 ZDV PART 3 OF 5 CO.. FLIGHT RESTRICTIONS. DENVER, CO, COMMERCIAL 
PASSENGER AND ALL-CARGO CARRIERS OPERATING UNDER ONE OF THE FOLLOWING TSA- 
APPROVED STANDARD SECURITY PROGRAMS/PROCEDURES: AIRCRAFT OPERATOR 
STANDARD SECURITY PROGRAM (AOSSP), FULL ALL-CARGO AIRCRAFT OPERATOR 
STANDARD SECURITY PROGRAM (FACAOSSP), MODEL SECURITY PROGRAM (MSP), TWELVE 
FIVE STANDARD SECURITY PROGRAM (TFSSP) ALL CARGO ONLY, OR ALL-CARGO 
INTERNATIONAL SECURITY PROCEDURE (ACISP) AND ARE ARRIVING INTO AND/OR 
DEPARTING FROM 14 CFR PART 139 AIRPORTS. ADDITIONALLY ALL WAIVERS ARE 
TEMPORARILY SUSPENDED DURING THE TIME OF THIS NOTAM EXCEPT FOR ELO, GOV AND 
SPO WAIVERS. B. FOR OPERATIONS WITHIN THE AIRSPACE BETWEEN THE 10 NMR AND 30 
NMR AREA(S) LISTED ABOVE, KNOWN AS THE OUTER RING(S): ALL AIRCRAFT OPERATING 
WITHIN THE OUTER RING(S) LISTED ABOVEARE LIMITED TO AIRCRAFT ARRIVING OR 
DEPARTING LOCAL AIRFIELDS, AND WORKLOAD PERMITTING, ATC MAY AUTHORIZE 
TRANSIT OPERATIONS. AIRCRAFT MAY NOT LOITER. ALL AIRCRAFT MUST BE ON AN 
ACTIVE IFR OR VFR FLIGHT PLAN WITH A DISCRETE CODE ASSIGNED BY AN AIR TRAFFIC 
CONTROL (ATC) FACILITY. AIRCRAFT MUST BE SQUAWKING THE DISCRETE CODE PRIOR TO 
DEPARTURE AND AT ALL TIMES WHILE IN THE TFR AND MUST REMAIN IN TWO-WAY RADIO 
COMMUNICATIONS WITH ATC. C. FOR OPERATIONS WITHIN THIS TFR, ALL USSS VETTED 
AIRCRAFT OPERATORS END PART 3 OF 5 FDC 8/1522 ZDV PART 4 OF 5 CO.. FLIGHT 
RESTRICTIONS. DENVER, CO, BASED IN THE AREA AND ALL EMERGENCY /LIFE SAVING 
FLIGHT (AIR AMBULANCE/LAW ENFORCEMENT/FIREFIGHTING) OPERATIONS MUST 
COORDINATE WITH ATC PRIOR TO THEIR DEPARTURE AT 303-626-6580 TO AVOID POTENTIAL 
DELAYS. D. THE FOLLOWING OPERATIONS ARE NOT AUTHORIZED WITHIN THIS TFR: 


FIGURE 9.2 
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Example of Notice to Airman about a TFR over Denver, CO. 
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GENERAL AVIATION AIRPORT SECURITY PROGRAM 


Since 9/11, the TSA and the US Congress have focused on creating security regu- 
lations for commercial service airports and the airline industry. These regulations 
have had minimal impact on GA operations. In cases where Congress and the 
TSA have addressed GA security issues, the focus has been primarily on GA air- 
craft operators and not GA airport operators. The TSA published GA airport 
security guidelines in 2004 (Fig. 9.3). However, in 2008, the TSA started imple- 
menting more security outreach programs to GA airports. Without the impetus of 
an attack directed toward the GA community, it is difficult to predict whether GA 
airports will eventually be regulated. However, there are numerous GA security 
related best practices that can be implemented. GA airport operators should con- 
sider implementing security measures to prevent GA from being used in a terror- 
ist attack, which would subsequently create a need for new transportation security 
regulations specific to GA. In 2011, new security guidelines were drafted but 
have yet to be put into effect—the 2004 version remains the most current, 
published version. 

With a lack of security regulations covering GA airport operations, GA airport 
sponsors (owners and operators, such as city and county governments) routinely 
question why security measures and related funding should be of concern. GA 
sponsors also note that there has been minimal federal funding for GA airport 
security measures and that FAA AIP grants receive safety and other airfield pro- 
jects first, and security second, third, or fourth.’ Since 9/11, funding for GA air- 
port security has come primarily from the airport and local and state government 
agencies or the occasional TSA pilot program. 

The DHS has identified three security threats related to the GA community: 
using a GA aircraft as a WMD, using GA aircraft to transport dangerous indivi- 
duals into the country, and using GA aircraft to transport dangerous materials into 
the country. There is some evidence to support these concerns as, again, the GA 
industry was heavily used throughout the 1970s, 1980s, and 1990s to smuggle 
drugs into the United States. Additionally, it was within the GA flight training 
industry where the 9/11 hijackers trained. GA airports house fuel trucks and fire 
trucks, any of which can be stolen and used for other purposes, such as a bomb or 
to gain or force access into a secure area. Liquefied natural gas tankers, nuclear 
facilities, and similar targets that have naturally occurring standoff distances from 
ground attacks remain vulnerable to aerial attacks from both GA and commercial 
service aircraft. 

GA airports may also be targets for domestic terrorism, acts of violence from 
radical environmental or wildlife activists groups, criminal activities, or even 
workplace violence.* Certain structures on airports may be considered high-value 
targets, particularly air traffic control facilities and airway navigation equipment. 





*In 2008, the DHS began assessing possible federal funding programs for GA security measures. 
“For example, in 2006 at Grand Junction, CO, a former air traffic controller constructed pipe bombs 
and detonated them outside the homes of his former coworkers and an FAA employee. 
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FIGURE 9.3 


TSA threat advisory issued by the DHS to GA airport and aircraft operators was one of the 
first attempts to secure GA (TSA, 2004). 


A small air traffic control tower at a remote GA airport may not seem a likely 
target for an international terrorist organization because of its limited impact on 
the national aviation system, however, its destruction could be a significant 
achievement for a domestic terrorist organization determined to make a statement 
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about the impact of aviation on the environment or to inflict harm to a society 
and its government. 

GA airports are often sources of concern and discussion by environmental 
organizations. Airport managers routinely find themselves involved in commu- 
nity noise issues, wildlife management, development projects, wetland protec- 
tion, and management of storm water runoff. These issues are often interrelated 
with other environmental concerns such as deicing chemicals or pesticides. 
These and many other issues are environmentally important, making airports 
and associated facilities potential targets for eco-terrorist groups, vandalism, 
and civil disturbances. 

A study conducted by the GAO in 2004 pointed out the security risks posed 
by GA aircraft. In 2004, the Secretary of the DHS acknowledged that the 
department, along with the CIA, FBI, and other agencies, lacked precise knowl- 
edge about the time, place, and methods of potential terrorist attacks related to 
GA. Additionally, industry and TSA officials stated that the small size, lack of 
fuel capacity, and minimal destructive power of most GA aircraft make them 
unattractive to terrorists and, thereby, reduce the possibility of threat associated 
with their misuse. Historical intelligence indicates that terrorists have expressed 
interest in using GA aircraft to conduct attacks. The following are examples of 
intelligence information indicating terrorist interest in GA: (1) CIA reported 
that terrorists associated with the September 11 attacks expressed interest in the 
use of crop-dusting aircraft (a type of GA aircraft) for large area dissemination 
of biological warfare agents such as anthrax; (2) CIA reported that one of the 
masterminds of the September 11 attacks originally proposed using small air- 
craft filled with explosives to carry out the attacks; (3) in May 2003, the DHS 
issued a security advisory indicating that al-Qaeda was in the late stages of 
planning an attack, using GA aircraft, on the US Consulate in Karachi, 
Pakistan, and had also planned to use GA aircraft to attack warships in the 
Persian Gulf (GAO, 2004, p. 16). 

The GAO also noted that many of the approximately 19,000° GA airports 
have unique characteristics that might make them viable for terrorist activity. 
With such a large number of GA airports, it would be difficult to conduct individ- 
ual onsite vulnerability assessments. There is an economic benefit to securing a 
GA airport. A secure airport can attract corporate operators who are looking to 
protect their multimillion-dollar investment in aircraft transportation. Without 
proper security measures, corporate operators often will land at a GA airport to 
drop off or pick up passengers, then ferry the aircraft to another nearby airport 
that does have adequate security (eg, perimeter fencing, security patrols, and air- 
field access control measures). In these cases, the unsecured GA airport often 
loses the fuel sales and service fees. Airfield security measures usually have an 
added safety benefit by restricting access to those who have business on the 





°This number includes an estimated 14,000 private airstrips subject to no regulatory authority. 
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airport. Access control measures have been successfully used to reduce runway 
incursions for several years, and fencing helps keep wildlife and the public from 
inadvertently coming onto the airfield. 

Some airport tenants oppose security measures at their GA airport. Airport 
operators can argue that security measures not only protect the investment a ten- 
ant has made in facilities and aircraft but also the investment in their aviation 
career or hobby. 

Few in the GA airport community want to administer new TSA regulations. 
With every new GA security incident, lawmakers again examine GA as a poten- 
tial concern for national security. Some legislators would like to see greater TSA 
regulations on GA operations, and some would even like to eliminate GA in the 
United States.° 

Without regulatory guidance, the creation of ASPs for GA airports can be dif- 
ficult. Most GA airport operators attempt to follow the format and guidelines for 
the commercial service ASPs. There are thousands of GA airports, which have an 
endless variety of airport operating characteristics, and this makes the creation of 
a “model” GA ASP problematic. Most GA airport operators attempting to 
construct a security program use the Airport Characteristics Measurement Tool 
provided within the TSA’s IP-001 to determine baseline security measures.’ 

Robinson Aviation, Inc. (RVA), a Virginia-based company that conducted GA 
security assessments throughout Virginia and other states, developed an ASP 
format for GA. Its guidelines are summarized here’: 


1. RVA’s GA ASP Contents Notification that the document is protected as 
confidential information. 

2. Distribution of the security plan and record of amendments. 

3. ASC contact information and security responsibilities. 

4. General airport information: description of the airport, organizational 
structure, airport activities and characteristics, emergency contact telephone 
numbers, airport administration, and airport address. 

5. Definitions and terms. 

6. Description of the aircraft movement area (AMA). Some GA operators may 
elect to use the AMA in lieu of using the Part 1542 terminology of air 
operations area, secured area, and so on to delineate the location that must 
be protected (ie, the airfield). 





Even nonsecurity incidents involving GA aircraft can create a political firestorm. In 2006, a small 
airplane, piloted by New York Yankee’s pitcher Cory Lidle and his flight instructor, crashed into 
an apartment building. The crash created a public relations problem in regard to the safety and 
security of GA aircraft. Industry organizations such as the AOPA worked hard to convince law- 
makers that despite the crash, placing further restrictions on GA was not necessary. 

7The American Association of Airport Executives has also created a series of GA airport security 
training films available through Digicast video programs (TSA, 2004). 

SWith permission of RVA; see www.rvainc.net. 
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10. 


11. 


12. 
13. 


. Description of the airport security procedures, including the designation of 


areas if so desired, access control procedures, airport security processes, and 
perimeter barriers/fencing. 


. Acopy of the airport emergency plan (AEP) grid map. Normally, this map is 


used by off- and on-airport fire response personnel to locate crash sites. It is 
also helpful for LEOs when they need to respond to a particular part of the 
airfield and should be supplied to those local LEOs who normally patrol or 
respond to the airport. 


. Identification of airport personnel. This section describes the personnel 


identification and vehicle identification system. At airports with formalized 
badging, this section describes the background checks that individuals are 
required to undergo to receive a badge, and any security training they must 
complete, along with recurrent certification procedures. Although many GA 
airports do not have a formalized badging process (some do), other forms of 
ID can be used to properly identify who is on the airfield. Some examples 
are government-issued photo IDs and FAA-issued pilot certificates, law 
enforcement or emergency worker identification, FAA or TSA inspector 
credentials, military identification, or a driver’s license. Vehicle 
identification requirements are also described in this section, along with the 
requirements to obtain appropriate vehicle identification. 

Law enforcement support. This section includes any memorandums of 
understanding or letters of agreement that exist between the airport and any 
law enforcement agency, plus descriptions of the roles and responsibilities of 
federal, state, and local law enforcement agencies with respect to the airport. 
This section includes communication protocols with law enforcement, 
records of LEO activity on airport property, and any training programs for 
LEOs for airport security response procedures. 

Airport security committee. This section describes the makeup, mission, and 
meeting schedule of the airport security committee. The committee should 
include the airport operator, local law enforcement and any contracted 
airport security personnel, representatives from the airport tenants including 
FBO management, corporate operators, small aircraft operators, flight 
schools, aircraft maintenance operators and similar personnel, aircraft rescue 
and firefighting personnel, and local community representatives. To keep the 
size of the committee manageable, airport tenants with similar business 
structures may wish to appoint a designee to represent their interests 
collectively. For example, at airports where there are dozens of based 
corporate flight operators and perhaps hundreds of small aircraft operators, 
they will usually form their own associations on the airport. These 
associations should be represented on the security committee. 

Security training programs for airport tenants. 

Local TSA and FBI contact information for individuals who can work with 
the airport operator on security-related issues. 


GA Airport Security Best Practices 


14. Information technology security procedures to ensure computer security is 
maintained, including management and operational controls. 

15. Most GA airports have an AEP that describes procedures to be used in the 
event of a number of emergencies, including aircraft crashes, power outages, 
hazardous material incidents, and bomb threats. When an ASP is developed 
for a GA airport, the security sections—hijacking, bomb threat, IED 
detection and mitigation, and so on—should be extracted from the AEP and 
placed in the security plan. This will prevent the inadvertent release of 
sensitive security information to the general public as the AEP is usually a 
public document and susceptible to open records requests. 


Should GA airports be regulated, it is likely that the regulations will 
contain elements of, if not completely mirror, Part 1542 Partial Security 
Programs. In developing an ASP for a GA airport, the operator should take this 
into consideration. 


GA REPAIR STATIONS 


Title 14 CFR FAR Part 145 Repair Stations addresses regulations relating to those 
businesses that hold a certificate issued by the FAA and is engaged in the mainte- 
nance, preventive maintenance, inspection, and alteration of aircraft and aircraft 
products. The term “MRO” is a term used throughout the industry, referring to 
GA repair stations as maintenance, repair, and overhaul facilities. TSA regulations 
require each MRO to allow TSA and other authorized DHS officials, at any time 
and in a reasonable manner, without advance notice, to enter, conduct any audits, 
assessments or inspections of any property, facilities, equipment and operations; 
and to view, inspect, and copy records as necessary to carry out TSA’s security- 
related statutory or regulatory authorities. MROs that are on an airport with TSA 
security program with commercial service, and working on aircraft with a gross 
takeoff weight of greater than 12,500 Ibs, have additional security requirements, 
such as preventing unauthorized operation of aircraft that are currently under the 
control of the Repair Station, and background checks for personnel who have 
access to the airplane (SEAero, 2014). 


GA AIRPORT SECURITY BEST PRACTICES 


Creating security procedures at GA airports requires operators to consider numer- 
ous logistical concerns. GA airport operations vary widely in size and nature. 
Some may be single dirt strips with a couple of flight training aircraft conducting 
three or four operations a month. Others may be large, busy corporate GA airports 
with numerous runways located near large cities, accommodating 20,000 opera- 
tions or more a month, mostly with large business jet aircraft. Many smaller GA 
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airport operators believe they pose very little security risk, whereas larger 
GA airports provide access to aircraft carrying tens of thousands of gallons of 
fuel, making them potential weapons. 

Staffing at GA airports also varies. Smaller airports tend to have one person 
who acts as the airport manager and fulfills all roles related to keeping the airport 
operational. At some of these small facilities, the airport manager may not be a 
full-time employee. In some locations, the manager is a staff member from the 
city or county public works department who has been assigned the duty of man- 
aging the airport. Medium-sized GA airports usually have staff ranging from 2 to 
10 personnel, whereas the largest GA airports can employ 20 or more, allocated 
into divisions such as operations, maintenance, planning, and administration. 
Large GA airports have organizational structures that can usually focus more 
effort on managing security. 

Funding for security at GA airports is also problematic. The cost of provid- 
ing security can be prohibitive to a GA airport, as the GAO (2004) noted 
in the following report: GA airports have received some federal funding for 
implementing security upgrades since September 11, but have funded most 
security enhancements on their own. GA stakeholders we contacted expressed 
concern that they may not be able to pay for any future security requirements 
that TSA may establish. In addition, TSA and FAA are unlikely to be able 
to allocate significant levels of funding for GA security enhancements, 
given competing priorities of commercial aviation and other modes of trans- 
portation (p. 39). 

Several airport directors interviewed for the GAO (2004) report noted the use 
of AIP funds normally reserved for airport safety capital improvements, to pay 
for security upgrades. Because GA airports are generally not subject to any fed- 
eral regulations for security, in order to meet eligibility requirements for their 
grants, GA airport projects are generally limited to those related to safety but 
have security benefits, such as lighting and fencing, as well as the acquisition and 
use of cameras, additional lighting, and motion (p. 40). 

Funding may be available from the DHS through the State Homeland 
Security Grant Program. The State Homeland Security Grant Program provides 
funding to states to purchase equipment to protect critical infrastructure. This 
includes funding safety measures applied to GA airports. For example, 
Wisconsin “plans to use at least $1.5 million of its $41 million Homeland 
Security Grant in 2004 to enhance security at GA airports located along the 
Great Lakes” (GAO, 2004, p. 41). 

Preventing aircraft theft is primarily the aircraft owner’s responsibility. Simple 
precautions such as locking the aircraft when not in use, securing the flight con- 
trols with throttle or control locks, putting the aircraft in a hangar, and placing 
anti-tamper tape over the aircraft doors can significantly reduce the risk of theft. 
These security practices should be encouraged in airport literature, signage, and 
with any airport and FBO personnel. 
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STATE OF GA SECURITY 


In 2007, the Airport Cooperative Research Program (ACRP)/Transportation 
Research Board (TRB) completed a study of GA safety and security practices. 
The report discovered several interesting perspectives related to GA security: 


1. Federal regulation of GA airports is very limited and often left to the states, more 
than half of which have licensing and inspection requirements for GA airports 
(ACRP, 2007, pp. 6—7). These requirements are most often related to safety and 
follow the Part 139 guidelines, but they are not necessarily related to security. 

2. GA airports frequently enter into agreements with local emergency responders 
and other federal and state law enforcement agencies to assist with security 
(ACRP, 2007, p. 14). 

3. Although both the FAA and the TSA have promulgated legislation to address 
GA airports, few actual regulations have been generated (ACRP, 2007, p. 15). 

4. The majority of GA airports (80%) that responded to the TRB’s survey 
reported that they do have a security plan in place. However, many do not 
have an active airport security committee (ACRP, 2007, p. 15). 

5. With respect to perimeter fencing, most of the airports were greater than 40% 
fenced, and fencing was reported to be one of the primary upgrades to 
security. The report also noted that most fencing was in place before 9/11 and 
was intended to deter wildlife from the airfield (ACRP, 2007, p. 16). 

6. Most airports participate in the Airport Watch program of the AOPA 
(discussed later in the chapter), and one airport, Centennial Airport in Denver, 
CO, takes it a step further and offers a reward program for providing 
information that leads to an arrest or investigation. 

7. Several states, including Virginia and Colorado, had taken additional measures 
related to GA airport security. Virginia now has a voluntary security certification 
program and airports may receive education as well as technical and resources 
assistance to secure their facilities. Colorado’s Office of Preparedness and 
Security developed the Terrorism Protective Measures Resource Guide, and one 
airport operator called in the National Guard’s Full-Spectrum Integrated 
Vulnerability Assessment team to assess the airport’s vulnerabilities. 

8. Several industry organizations including the National Business Aviation 
Association (NBAA) and Airport’s Council International developed security 
guidance for their members. 


ATTEMPTS TO SECURE GA 


In 2003, the TSA commissioned an aviation security advisory committee 
comprised of numerous industries such as the American Association of 
Airport Executives, the NBAA, and the National Air Transport Association. 
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The committee developed a comprehensive list of recommendations, which were 
forwarded to the TSA for consideration resulting in Information Publication (IP) 
A-001 Security Guidelines for GA Airports (TSA, 2004). IP A-001 is publicly 
available through the TSA. It is not mandatory for GA airports. 


IP A-001 focused on security enhancements in six areas: personnel, aircraft, 


airports/facilities, surveillance, security procedures and communications, and specialty 
operations (eg, agricultural flights). Among the recommendations are the following: 


1. 


Personnel: 

a. The PIC should verify the identities of his or her passengers. 

b. Restrict access to aircraft by student pilots. 

c. FBOs should implement sign-in/sign-out procedures for transient pilots. 


. Aircraft: 


a. Aircraft should be secured using existing mechanisms such as door locks, 
keyed ignitions, aircraft stored in hangars, and the use of propeller or 
throttle locks or security tape. 


. Airports/facilities: 


a. Implement reasonable vehicle access controls to facilities and ramps, 
including signage, fencing, gates, or other positive control techniques. 

b. Install outdoor lighting covering aircraft parking and hangar areas, fuel 
farm and fuel truck parking areas, and airport access points. Fuel trucks 
and fire trucks should require higher levels of protection. 

c. Secure hangar doors when unattended. 

d. Post signs warning against trespassing and unauthorized use of aircraft, 
and post phone numbers to airport operations and the nearest law 
enforcement agency (Fig. 9.4). 


. Surveillance: 


a. Implement an airport community watch program such as the AOPA’s 
Airport Watch. 

b. Familiarize local LEOs with the airport facilities. This should include 
advising law enforcement of who is authorized to be on the property, how 
to drive on the airfield without endangering aircraft, and the normal 
operations for that airfield. 

Security procedures and communications: 

a. Create a security plan for the airport including an emergency locator map 
(often used by the fire department to quickly find facilities at an airport), 
and create procedures for handling bomb threats and suspected stolen or 
hijacked aircraft. 

b. Develop a threat communications system including 24-hour phone 
numbers for the airport director, local police or sheriff’ s department, fire 
department, FBI, TSA, and other organizations. 

Specialty operations: 

a. This section addresses agricultural aircraft operations and the importance 
of aircraft owners to control access to their aircraft and chemicals. 
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REPORT SUSPICIOUS ACTIVITY 


1-866-GA-SECURE 


(1-866-427-3287) 
FOR EMERGENCIES 
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FIGURE 9.4 


Signs are posted at airports listing the GA security hotline. 


The TSA also included an airport self-assessment that airport operators could 
use to determine security measures they should be implementing. The TSA has 
attempted to put the assessment tool into a computer program, but that effort 
has not been successful because of the variety of operational characteristics in 
GA airports. Frustrated with what was perceived as a lack of effort in GA secu- 
rity, Congress included in the 9/11 Act language requiring the TSA to assess the 
threats and vulnerabilities of GA airports by August 2008. The TSA missed 
the deadline. However, the TSA is taking an additional step with the assessment 
tool by giving airport operators “credit” for security actions they have previ- 
ously taken. The assessment tool rated airports based on their vulnerability, but 
it did not have an offset score if the airport operator had taken prior security 
mitigation measures. 


STATE ACTIONS 


Several states have started to adopt their own GA airport regulations. Many of 
these programs have been in response to specific aviation security incidents such 
as the theft of an aircraft from the Danbury Airport in Connecticut in 2005. A 
20-year-old intoxicated man hijacked the aircraft and then flew himself and three 
friends from the GA airport to Westchester County Airport in New York. 
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Because of this incident, a WABC—New York Channel 7 investigation discov- 
ered lax security at several GA airports. WABC—New York reported observing 
open gates along with fencing in various states of disrepair at these GA airports. 
These conditions should not be altogether surprising, as there is presently not a 
mandate for GA airports to have security measures, nor is there funding to estab- 
lish security measures at GA airports.” 

With high fuel capacities, many GA business jets could serve as effective 
weapons if used in a manner similar to the airliners on 9/11. These incidents have 
prompted states to take various security-related actions at GA airports. For exam- 
ple, Colorado conducted a study of its 64 GA airports to determine what TSA 
security measures should be applied. In 2004, New York passed the Anti- 
Terrorism Preparedness Act, which required all GA airports in the state to register 
with New York’s Department of Transportation and create a security plan. New 
York passed a bond measure that provides $30 million in capital improvements 
for security measures at GA airports. In Connecticut, the AOPA worked with the 
Governor’s Aviation Task Force to promote GA security. In Virginia, the state 
requires GA airports to conduct vulnerability assessments by different agencies, 
such as law enforcement and security consultants. At Centennial Airport in 
Colorado, airport director Robert Olislagers raised fuel fees with the consent of 
his FBOs to pay for security enhancements and worked with the TSA on testing 
new GA-related security programs. 

Historically, it has been illegal for states to impose regulations on federally 
funded airports. Although this has occurred in some states, such as California, the 
FAA is very careful that state restrictions or regulations on airports do not inter- 
fere with the national air traffic control system or intrastate commerce. New York 
attempted to require pilots in their state to undergo criminal history record checks 
(CHRCs). The AOPA sued New York, contending that any attempts to regulate 
security would be a violation of the supremacy clause of the US Constitution, 
which invalidates state laws that conflict with federal laws. The AOPA contends 
that the federal laws on pilot background checks were adequate. In 2002, several 
states attempted to pass laws placing severe restrictions on GA aircraft operators 
but met strong opposition by the FAA. 


AOPA’S AIRPORT WATCH 


One of the more popular GA security programs is the AOPA/TSA partnership 
Airport Watch. This program enlists the support of 550,000 GA pilots to watch 
for and report suspicious activities that might have security implications. The 
AOPA has distributed Airport Watch materials to 5400 public-use GA airports, 
pilot groups, and individual pilots. To build on the success of these local efforts, 
the program includes special materials such as a video to train pilots to be alert 
for suspicious people or activities at the airport. Airport Watch encourages GA 





°*Danbury’s airport management had implemented various security measures before the theft. 
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pilots and airport operators to call 911 or the GA security hotline (1-866-GA- 
SECURE) when they see suspicious activity at their airport (see Fig. 9.4). 

Airport Watch recommends that people watch for the following as indications 
of security-related concerns: 


1. Pilots who appear to be under the control of another party. 

. Anyone trying to access an aircraft through force—without keys, or using a 
crowbar or screwdriver. 

3. Anyone who seems unfamiliar with aviation procedures trying to rent an 
airplane. 

. Anyone who misuses aviation terminology or jargon. 

. People or groups who seem determined to keep isolated, including stakeholders 
to the airport who strive to avoid contact with you or other airport tenants. 

. Anyone who appears to be just loitering, with no specific reason. 

. Any out-of-the-ordinary videotaping of aircraft or hangars. 

. Aircraft with unusual or obviously unauthorized modifications. 

. Dangerous cargo or loads—explosives, chemicals, openly displayed 
weapons—being loaded into an airplane. 


of 
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In 2011, the TSA established “See Something, Say Something,” which is a 
nationwide effort adopted originally from the Port Authority of New York and 
New Jersey. The program uses videos and signs to promote the reporting of suspi- 
cious activity and personnel to the TSA and the FBI. 


FBO SECURITY 


FBOs serve as the “truck stops” for GA aircraft. FBOs provide fueling, aircraft 
handling, and hangar storage services. Many FBOs also provide aircraft charter 
services. FBOs and business aircraft operators share the responsibility and work 
together to secure the business aviation industry. 

FBOs are predominantly represented by the National Air Transport Association. 
Signature Aviation Flight Support was one of the first FBOs to develop its own secu- 
rity procedures, which include the following recommendations: 


1. Flight crews must provide photo identification to gain access to the Signature 
ramp. 

2. Flight crews must identify all passengers before they are allowed access to 
Signature’s ramp and escort passengers to and from their aircraft. 

3. FBO personnel must maintain line-of-sight surveillance of passengers on the 
ramp who are not escorted by the pilot. 

4. Passengers are asked to walk directly, and as a group, to their aircraft and not 
delay entering their aircraft. 

5. Transient flight crews are issued special codes upon their arrival to guarantee 
that the same flight crews return to their respective aircraft. 

6. The use of personal cars or limousines on Signature’s ramp is not permitted. 
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SECURE FIXED-BASE OPERATOR PROGRAM 


The TSA’s Secure Fixed-Base Operator Program is a proof of concept, 
public—private sector partnership program that allows FBOs to check passenger 
and crew identification against a manifest or eAPIS (electronic Advance 
Passenger Information System) filings for positive identification of passengers 
and crew onboard GA aircraft. eAPIS checks are becoming an increasing part of 
GA security as DHS focuses more on deterring or catching individuals with ill- 
intent coming into the United States. 


HELICOPTER SECURITY 


In 2009, US and Canadian officials intercepted a large drug smuggling operation 
between the two countries that resulted in eight arrests, and the seizure of cocaine, 
marijuana, and over 200,000 ecstasy tablets, plus two Bell Jet Rangers helicop- 
ters. Known as Operation Blade Runner, the Drug Enforcement Agency followed 
the flow of narcotics from British Columbia to the state of Washington, to a 
remote forest heliport (Price, 2009, p. 23). While helicopters have not historically 
been the target of bombs or hijackings at the same rate as aircraft, the use of heli- 
copters in criminal and terrorist activities must still be considered. 

Helicopters are able to fly at slow speeds through congested city areas making 
them excellent platforms to fly in armed personnel to conduct a terrorist active 
shooter incident inside a stadium, airport, or any open-air assembly, bypassing 
any ground defenses. Helicopters have mostly been used for prison escapes and 
as observation platforms for follow-up criminal activity. Business executives are 
vulnerable as well with attempted helicopter hijackings to kidnap valuable execu- 
tives. In 2004, Pakistan provided the US government with information that 
revealed a plot to attack New York City and other targets in the country using 
helicopters. 

As with other forms of aviation, security measures should not eliminate the 
inherent benefit and use of this form of transportation or use. Helicopters are prof- 
itably operated as tourist platforms and for all sorts of other uses such as oil rig 
transport, medical and law enforcement, power line maintenance, and so on. 
Good helicopter security should include suspicious awareness training for helicop- 
ter pilots and helicopter operations personnel. Pilots should be aware of questions 
that could be asked by passengers that would generate suspicion. 

Security programs should be part of any helicopter operation with procedures 
for pilots under duress (code words, panic alarms), being hijacked, or feeling that 
there is a threat on their helicopter. Operators may wish to install CCTV into their 
helicopters so that the flight can be monitored remotely, and helicopter operators 
should conduct background checks on their pilots prior to hiring. For corporate 
helicopters carrying VIPs, additional threats may need to be addressed such as 
surface-to-air missile defenses and executive security protection practices. 


Alien Flight Student Program 


In certain cases, commercial helicopter operations feed directly into aircraft flight 
operations, so any charter or scheduled helicopter flight that transfers baggage 
and passengers into a commercial airliner under a security program should ensure 
that all personnel and items have undergone the appropriate screening. 


TRAINING FOR GA AIRPORT SECURITY AND LAW 
ENFORCEMENT PERSONNEL 


In 2006, the Waukesha County Technical College received a federal grant to 
study and develop training programs for GA stakeholders. They implemented the 
training in 2007 and are continuing the program, both in face-to-face sessions and 
online. The training is aimed at GA airport operators who may not have a signifi- 
cant security background, newcomers to the GA security industry, aviation busi- 
nesses, pilots and aircraft owners, and law enforcement and emergency workers 
with GA airports in their jurisdiction. GA security related training programs 
include topics such as: 


1. How to recognize GA aircraft and facilities that could be used for illegal 
purposes? 
2. How to apply crime prevention through environmental design concepts to 
GA airports? 
3. Establishing an Airport Watch program. 
4. Establishing an aircraft key control system. 
5. Antitheft devices for GA aircraft. 
6. Security signage and marking plans 
7. How to orient local LEOs to the airport environment and aircraft operations? 
8. Creation of an airport security committee. 
9. Creation of an emergency notification system. 
10. National Incident Management System fundamentals. 
11. How to create a business continuity plan? 
12. Developing instruction detection, integrated security, and CCTV systems. 
13. Troubleshooting airport security plans. 


Most GA airport operators do not have aviation security experience or may 
only have commercial airport security experience. Therefore, training in GA secu- 
rity should be required for anyone without a GA security background. 


ALIEN FLIGHT STUDENT PROGRAM 


Title 49 CFR Part 1552 addresses the security of flight schools and awareness 
training for flight school employees. Considering that the 9/11 hijackers were 
trained at US flight schools, it made sense to begin applying security regulations 
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for flight schools. Shortly after 9/11, the FAA sent security guidance to all flight 
schools,'” much of which was later formalized into the rulemaking under this sec- 
tion. Originally known as the Alien Flight Training Rule (now known as the 
Flight Training Candidate Checks Program), this section requires every flight stu- 
dent to prove his or her US citizenship before beginning flight training in an air- 
craft weighing 12,500 lbs or less. Foreign flight students are required to complete 
a CHRC and submit their fingerprints to the TSA. This rule required flight 
schools and flight instructors to provide security awareness training to each 
ground and flight instructor and any employee who has direct contact with a flight 
school student (regardless of citizenship or nationality) and to issue and maintain 
records of this training (e-CFR, 2008). The regulation not only applies to the 
thousands of flight schools across the United States but also to every individual 
certified flight instructor, every airline flight training academy that uses flight 
simulators, and any aviation college or university conducting flight training. 

By regulatory definition, flight training consists of aircraft simulators (a flight 
training device as defined under Title 14 CFR Part 61.1), flight schools (any flight 
training facility operating under Title 14 CFR Parts 61, 121, 135, 141, or 142), 
flight training (instruction received in an aircraft or simulator not including recur- 
rent or ground training), ground training (classroom or computer-based instruction 
not including instruction in a simulator), or recurrent training (periodic training 
required under Title 14 CFR Parts 61, 121, 125, 135, or Subpart K of Part 91). 
Collegiate aviation flight training programs are also covered under this regulation. 

Section 1552.3 applies specifically to instruction given in an aircraft with an 
MGTW of more than 12,500 lbs. The regulation requires flight schools to notify 
the TSA that a candidate has requested such flight training. A form must be sub- 
mitted to the TSA that includes valid personal identification information, proof of 
citizenship, the type of training being applied for, fingerprints (unless already on 
file with the TSA), and a photograph of the candidate. Before flight training can 
begin, the TSA must inform the flight school that the candidate does not pose a 
threat to aviation or national security, or more than 30 days have elapsed since 
the TSA received the information. In either event, the flight school can begin the 
candidate’s flight training within 180 days. A flight school may request expedited 
processing if the previous conditions are met, the candidate is eligible for expe- 
dited processing, and information establishing eligibility is presented. '' 





10The FAA sent the notice to FBOs, which the FAA defined as any aviation business, whether a 
flight school, aviation fuel provider, charter service, or aviation maintenance operator. 

1A candidate is eligible for expedited processing if he or she already holds an airman’s certificate 
from a foreign country that is recognized by the FAA or a military agency of the United States, or 
the candidate is employed by a foreign air carrier that operates under Title 14 CFR Part 129 and 
has a security program approved under Title 49 CFR Part 1546. The individual must also already 
have successfully completed a CHRC in accordance with Title 49 CFR Part 1544.230 or is part of 
a class of individuals who the TSA has determined poses a minimal threat to aviation or national 
security because of the flight training already possessed by that class of individuals. 


Maryland-3 


For candidates wishing to receive flight instruction on an aircraft that is 
12,500 Ibs or less, the flight school or flight instructor must verify the student’s 
US citizenship; if the candidate is not a US citizen, the flight school or flight 
instructor must require the individual to register with the TSA before beginning 
flight training. If the student is attending an aviation university or college using 
aircraft or simulators to conduct flight training, the same information is submitted 
to that entity. The flight school must immediately terminate or cancel a candi- 
date’s flight training if the TSA notifies the flight school at any time that the 
candidate poses a threat to aviation or national security. 


FLIGHT SCHOOL SECURITY AWARENESS TRAINING 


Good security of flight school aircraft or any aircraft at a GA airport should 
include practices such as locking aircraft; using throttle, prop, and tie-down locks; 
securing hangar doors; not leaving ignition keys in the aircraft, even momentarily; 
reporting suspicious activity to the authorities immediately; and vigilance on the 
part of the flight instructor over his or her new students until trust has been 
established. 

The TSA has also created a flight school awareness training program. Title 49 
CFR Parts 1552.21 and 1552.23 are specific to flight schools operating under 
Title 49 U.S.C. Subtitle VII. It introduces the flight school employee, defined as a 
flight instructor, chief flight instructor, director of training, or an independent 
contractor, who has a contract with a flight school to provide flight instruction. A 
flight school employee also includes a ground instructor at a college or university 
that provides flight instruction. Part 1552.23 requires that each flight school 
employee must complete the TSA’s Flight School Security Awareness Training 
Program (see http://download.tsa.dhs.gov/fssa/training). Flight schools must main- 
tain records of the security awareness training completed by their personnel. The 
training includes situational scenarios, suspicious behavior of personnel, signs 
that an aircraft has been altered for illegal uses, and other information useful for 
identifying flight candidates who may be pursuing illegal activities. Flight schools 
may elect to use their own training program, which must include everything in 
the TSA’s online training. 

Shortly after 9/11, the FAA issued guidance for flight school security. The 
TSA followed up with its own handout in 2006 (Fig. 9.5). 





MARYLAND-3 


Title 49 CFR Part 1562 addresses three GA airports located close to the center of 
Washington, DC: College Park Airport, Washington Executive/Hyde Field, and 
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US. Department of Homeland Security 
601 South 12” Street 
Arlington, VA 22202 


Transportation 


Security 
Administration 


Advisory — Security Information for Flight Schools and Flight Training Providers 


September 1, 2006 





The Department of Homeland Security and the Transportation Security Administration continue to 
monitor reports on potential terrorist threats in the United States. Based on a recent interagency 
review of available information, we remain concerned about Al-Qaeda's continued efforts to plan 
multiple attacks against the United States. These attacks may involve aviation. 


Recently, an aviation related incident was reported surrounding suspicious activities at flight schools. 
At this point there is no indication that this occurrence is terrorist related, however, we request 
airport managers, flight schools, flight training providers, and aircraft operators remain vigilant for 
suspicious behavior and activities. 


TSA reminds general aviation aircraft and airport owners and operators to review the security 
measures contained in the TSA Information Publication, Security Guidelines for General Aviation 
Airports (available at http://www.tsa.gov/public/interapp/editorial/editorial_1113.xml), and the Aircraft 
Owners and Pilots Association’s Airport Watch Program materials (available at 
www.aopa.org/airportwatch). In addition, general aviation aircraft and airport owners and operators 
are encouraged to consider the following: 


Secure unattended aircraft to prevent unauthorized use. 

Verify the identification of crew and passengers prior to departure. 

Verify that baggage and cargo are known to the persons on board. 

Where identification systems are in place, encourage employees to wear proper identification 

and challenge persons not wearing proper identification. 

e Direct increased vigilance to unknown pilots and/or clients for aircraft rental or charters — as well 
as unknown service/delivery personnel. 

e Be alert/aware of and report persons masquerading as pilots, security personnel, emergency 
medical technicians, or other personnel using uniforms and/or vehicles as methods to gain 
access to aviation facilities or aircraft. 

e Be alert/aware of and report aircraft with unusual or unauthorized modifications. 

¢ Be alert/aware of and report persons loitering in the vicinity of aircraft or air operations areas — 
as well as persons loading unusual or unauthorized payload onto aircraft. 

e Be alert/aware of and report persons who appear to be under stress or the control of other 
persons. 

e Be alert/aware of and report persons whose identification appears altered or inconsistent. 


The theft of any General Aviation aircraft should be immediately reported to the appropriate 
authorities and the TSA General Aviation Hotline at 866-GASECUR (866-427-3287). In addition, 
persons should report any suspicious activity immediately to local law enforcement and the TSA 
General Aviation Hotline. 


FIGURE 9.5 
TSA advisory to flight schools. 





Potomac Airfield (Fig. 9.6). They are known as the Maryland-3 and are presently 
the only GA airports with specific security regulations. 

Each of the Maryland-3 airports must have an ASC who, similar to an ASC at 
a commercial service airport, administers the TSA’s security requirements. These 
include maintaining a copy of the airport security procedures and a copy of the 
FAA procedures applicable to GA operations at the Maryland-3 airports. The 
TSA has the authority to inspect the airport and related security program 
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FIGURE 9.6 
Example of TFR over Denver, CO. 


documentation. Security coordinators at these airports must provide their names 
and other identifying information including fingerprints and social security num- 
bers to the TSA. They must also have successfully completed a security threat 
assessment (STA) and not have been found guilty (or not guilty by reason 
of insanity) of any of the disqualifying offenses as outlined in Title 49 CFR 
Part 1542.209. 

A Maryland-3 ASC must implement a set of security procedures. These 
include keeping a record of those authorized to use the airport, monitoring the 
security of aircraft during operational and nonoperational hours, alerting aircraft 
owners/operators and the TSA of unsecured aircraft, implementing and maintain- 
ing security awareness procedures at the airport, and limiting approval for pilots 
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who violate the Washington, DC, metropolitan area flight-restricted zone and are 
forced to land at the airport. They also contain any additional procedures required 
by the TSA to provide for the security of aircraft operations into or out of 
the airport. 

Each pilot flying into and out of the Maryland-3 must provide the TSA with 
his or her name, social security number, date of birth, current address and phone 
number, current airman or student pilot certificate, medical certificate, a 
government-issued photo ID, and fingerprints. Pilots must provide a list of the 
make, model, and registration number of each aircraft that he or she intends to 
operate at the airport. Each pilot must successfully complete an STA and receive 
a briefing acceptable to the TSA and the FAA of the operating procedures for the 
airport. Pilots may not have been convicted or found not guilty by reason of 
insanity, in any jurisdiction, during the 10 years preceding application for authori- 
zation, of any of the disqualifying offenses listed in Title 49 CFR Part 1542.209. 
A pilot must not have a record on file with the FAA of a violation of a prohibited 
area, a flight restriction, any special security instructions issued under Title 14 
CFR Part 99.7, a designated restricted area, any emergency air traffic rules issued 
under Title 14 CFR Part 91.139, or a TER. If a pilot or ASC violates any of these 
or commits a disqualifying offense, he or she must notify the TSA within 24 hours 
of conviction. Pilots flying into the Maryland-3 must secure their aircraft after 
flight, file a flight plan (FR or VFR), and obtain an air traffic control clearance 
and transponder code. 


AIRCRAFT SECURITY UNDER GENERAL OPERATING AND 
FLIGHT RULES 


Title 49 CFR Part 1550 applies to GA aircraft operations. It provides for the 
TSA to inspect any aircraft operations into sterile areas of commercial service 
airports. It includes requirements of the 12-5 security program for aircraft 
engaged in scheduled service, charter, or cargo operations that are more than 
12,500 lbs and not under any other security program. Although the regulations 
in this section are not extensive, they do provide a foundation for future regula- 
tion of these operations. As with other aircraft operator regulations, any aircraft 
operator must allow TSA personnel to inspect and copy records related to activi- 
ties under this regulation. 

For aircraft operations where a sterile area is involved, either if a passenger or 
crewmember enplanes from or deplanes into one, if the operation is not already 
covered under a scheduled passenger service security program (full or partial) or 
public or private charter operations under Title 49 Part 1544 or 1546, screening 
must be done. Operations covered by this section include private aircraft opera- 
tions and operations under the 12-5 security program when enplaning from or 
deplaning into a sterile area. 


Corporate Aviation Security 


12-5 STANDARD SECURITY PROGRAM 


Aircraft of 12,500 lbs or more not operating into or out of a sterile area and not 
covered under a program under Title 49 CFR Part 1544 or 1546 (Domestic or 
Foreign Air Carrier Operations) must adhere to the 12-5 rule. Any aircraft opera- 
tor conducting commercial aircraft operations (scheduled service, private or 
public charter, or cargo) where the operator owns or has managing control of the 
aircraft must search the plane before departure and screen passengers and carry- 
on items. The TSA must first notify the aircraft operator that such security mea- 
sures are necessary through NOTAM, a letter, or other communication. Aircraft 
operators can apply for waivers from the TSA for these procedures. Presently 
almost 1000 aircraft operators must adhere to the 12-5 rule. 


AGRICULTURAL AIRCRAFT SECURITY 


The FBI indicated that in 1993 Osama bin Laden assessed the possibility of using 
an agricultural aircraft as a method to disperse chemical or biological weapons. In 
2001, before 9/11, Canton (2006) in The Extreme Future discussed a model he 
had completed on an anthrax attack on the National Mall in Washington, DC, 
using an aircraft to disperse the anthrax agent. The results showed that nearly 
100,000 people could be at risk, and the resultant shut down of the facilities in 
the affected area, including hospitals, would be devastating. 

After 9/11, the FBI visited the thousands of agricultural pilots across the United 
States to assess the potential risk from this industry. In an effort to prevent the theft 
of their planes for potential use in a terrorist attack and to ward off stifling federal 
regulations, the National Agricultural Aviation Association developed several secu- 
rity recommendations and participated on the TSA advisory committee. Although 
the threat from a stolen agricultural aircraft exists, the aviation agricultural commu- 
nity is small and well known to the local farmers and chemical distributors. 

Security recommendations for agricultural operators include securing aircraft 
and chemical agents when not in use, enhancing the lighting around aircraft and 
chemical storage areas, parking farm equipment such as loaders and combines in 
areas that prevent taxiing of aircraft when not in use, and establishing contact 
with local law enforcement agencies. Immediately reporting stolen aircraft or 
chemical agents is fundamental to agricultural aviation security. Agricultural air- 
craft could be used to spread chemical, biological, or radiological weapons, and 
many of the ingredients can be found within the same community. 


CORPORATE AVIATION SECURITY 


There is no hard-and-fast definition of a corporate aircraft. A corporate aircraft 
could be a Cessna 172 that a business uses to fly for servicing regional accounts. 
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A corporate aircraft could also be a Gulfstream V, a large business jet, owned by 
a large corporation and that flies to destinations around the world. Although the 
security measures discussed in this section are directed primarily at the larger 
business aircraft, they could also apply to smaller aircraft operations. 

Overall, the business aviation community may not have the security measures 
of commercial aviation operations, such as passenger and baggage screening, but 
it is a mistake to think that no security measures are present. A corporate aircraft 
is a multimillion-dollar investment for a business, and businesses owners want to 
ensure that investment is protected. Long before 9/11, corporations already took 
many preventative measures to ensure the safety and the security of their aircraft 
and passengers. It is not uncommon for a business aircraft to fly into a small air- 
port that is more convenient for the passengers but lacks the hangar space to store 
the aircraft, then shuttle the aircraft to another larger airport to hangar the aircraft 
until it is needed again, hours or days later. 

Another factor with corporate aircraft security is that corporations often have 
business dealings throughout the world. Corporate aviation security considerations 
must include differences in culture, customs laws, currency, immigration, and the 
threat to the aircraft and its occupants in various parts of the world. 

In 1992, Harry Pizer and Stephan Sloan published Corporate Aviation 
Security. Although the text is dated and the perceived threats to corporate aviation 
have not occurred, their book provided a good foundation for corporate flight 
departments. Owners of small aircraft used for business purposes can also benefit 
from their lessons. Their key points are summarized here, together with security 
best practices from the NBAA and other industry practices. 

Before 9/11, the main security concerns for a corporation with respect to its 
aircraft were protecting the asset from theft and vandalism and protecting person- 
nel from kidnapping, particularly in certain less stable parts of the world. 
Corporations also worried about their aircraft being used, either knowingly or 
unknowingly, to transport illegal goods. After 9/11, the security concerns 
increased to include bombings and hijackings with the intent of using the aircraft 
as a weapon. 

Corporations are also motivated to provide for security of their flight opera- 
tions as a litigious society has made certain that were anything to happen to the 
safety and security of those carried onboard a corporate plane, the corporation 
would have to demonstrate in court that diligent and reasonable security measures 
were taken (Pizer and Sloan, 1992). 

Although most corporations that own aircraft have just one, a few have doz- 
ens, and even fewer have more than a hundred. Some operators, such as NetJets, 
a fractional operator that provides corporate aircraft for companies, manage 
several small fleets of aircraft of various sizes and capabilities. 

Regardless of the size of the company, every corporate aircraft operator should 
have a designated security director and a standard aircraft operations security pro- 
gram administered by the coordinator. Depending on the size of the fleet, the 
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security director may have a small staff to handle administrative and training 
issues and may have a staff of certified protection professionals who are armed 
and trained in the executive protection techniques. A few aircraft operators are 
large enough and have enough cause to go into Reagan National Airport that they 
employ their own armed security officers (ASOs) who are certified LEOs. ASOs 
are required to accompany GA aircraft flights into Reagan National Airport. 
A security committee should be established. It should be chaired by the security 
director and include representatives from the corporation’s pilots, flight attendants 
and mechanics, dispatch and flight planning personnel, and representatives from 
management. Other members may be retired or active federal, state, and local 
LEOs and security consultants. 

The corporate security program should address airport security measures, pre- 
departure procedures, operational security (OpSec), in-flight security, arrival and 
destination security, intelligence, security screening (where appropriate), measures 
to keep prohibited items off company aircraft, executive protection measures, 
contingency plans, and security training for flight crew. 

Airport security measures should be addressed with the respect of protections 
the airport offers to its tenants. As a minimum, the airport should meet the TSA’s 
GA airport security guidelines and have implemented the AOPA’s Airport Watch 
program. Perimeter fencing, appropriate hangars for aircraft, adequate ramp light- 
ing, CCTV monitoring of the flight line, 24/7 security, law enforcement, FBOs, 
and airport operations personnel should also be on hand. A database should be 
established that profiles the airports the corporation typically flies into. This 
should include security threats and mitigation measures taken by the airport 
operator and a liaison maintained with airport and FBO management personnel at 
these facilities, particularly at foreign airports. When a new airport is used, the 
security director should create a new profile and provide a predeparture briefing 
to the flight crew and passengers. 

The following list is provided by the NBAA (1995—2008) and should serve as 
minimum security requirements at the corporate operator’s home base: 


1. Ensure home facility perimeter security with effective fencing, lighting, 
security patrols, gates, and limited access areas. 

Ensure street-side gates and doors are closed and locked at all times. 
Require positive access control for all external gates and doors. 

Close and lock hangar doors when the area is unattended. 

Secure all key storage areas (food and liquor, parts and tools, etc.). 

Have an access control management system for keys and passes. 
Confirm the identity and authority of each passenger, vendor, and visitor 
prior to allowing access to facilities and aircraft. 

Escort all visitors on the ramp and in the hangar area. 

Use a government-issued photo ID to verify the identity of any visitor or vendor. 
10. Post emergency numbers prominently around the facility. 
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11. Ensure easy access to phones or “panic buttons” in various facility locations 
(break room, hangar bay, etc.). 

12. Confirm security of destination facilities. 

13. Be aware of your surroundings and do not be complacent—challenge 
strangers. 


OpSec means keeping private matters private. Only those with a “need to 
know” should be provided with information relating to OpSec. OpSec includes 
the details of any corporate travel, security of computer information systems 
including laptops and personal digital assistants that may include corporate pro- 
prietary information, and the protection of any written materials that may be kept 
onboard during the flight. Dissemination of information such as the departure and 
arrival times, who will be onboard, what will be carried on the flight, the flight’s 
destination, and the route of flight should only be divulged to those with a need 
to know (ie, those who need to know certain information to perform their duties). 
OpSec not only protects the aircraft operator and its occupants, but may also 
protect the company from divulging information to potential competitors 
(Pizer and Sloan, 1992). 

Predeparture security procedures are completed whether the aircraft is at its 
home base or at a transient location. These include observing all maintenance on 
the aircraft during the time it is in a foreign airport and observing catering, fuel- 
ing, and other activities to ensure that no dangerous or illegal items are placed 
onboard. Any stores, such as food, beverages, cleaning materials, etc., should be 
inspected before being brought onboard. People not associated with the aircraft 
should be kept away from it (Pizer and Sloan, 1992). 

If the aircraft has been unattended for any time, particularly if left outside, a 
complete preflight inspection should include checking the aircraft for unautho- 
rized items. In some cases, a corporation may have its own security personnel 
who are responsible for watching the plane when it is not in service. Some opera- 
tors have also installed video cameras on the exterior of their aircraft to watch for 
suspicious activity while on the ramp. 

Predeparture procedures include checking the identity of all personnel onboard 
the flight, and, where appropriate, screening passengers and bags. Passengers 
should be either on a list of those authorized to fly on the corporation’s plane or 
be vouched for by a passenger on the authorization list. 

Predeparture procedures include collecting as much information as possible 
about the destination airport(s) and disseminating it to the passengers and crew 
via an intelligence briefing. The briefing is prepared by the security director and 
should include the following: 


1. Potential threats including street crime statistics; areas of town to be avoided; 
known recent hijackings, kidnappings, or extortion attempts of executives 
traveling to that region; situations of general unrest; rioting; and the political 
and social climate. 

2. Airport security measures at the destination airport. 
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3. Information on FBOs including any credentialing or background check 
requirements on FBO personnel, including caterers, fuelers, and mechanics. 

4. Emergency contact information for the US embassy, Department of State, 
local law enforcement agencies, and US military bases that may be nearby. 

5. Information on ground transportation to and from local hotels, meeting 
locations, and so on. 

6. Companies that carry well-known celebrities or political personalities must 
also be aware of the presence of unwanted news media and paparazzi. 


When traveling to foreign airports, many corporations elect to use a ground- 
handling agent who can assist with customs and immigrations paperwork and 
other laws and regulations for traveling to a specific country. A basic background 
check should be done on any company or individual who acts as a handling agent 
for the corporation. 


INTELLIGENCE 


Corporations, particularly large corporations, should generate their own intelli- 
gence briefings and reports that are relevant to the operations of the company. 
This information can be used in flight planning and in developing security aware- 
ness processes. Jane’s Information Group is a common source of this type of 
intelligence information and can keep corporations notified about worldwide 
news, country risk assessments, and other public safety and security information. 
Companies such as Jeppesen also offer extensive international trip planning 
services. Intelligence information should include a general overview of the desti- 
nation and information relevant to the specific location of the flight crew and 
passengers. 


IN-FLIGHT SECURITY 


The events of 9/11 put a new face on the nature of a hijacking. Previous guidance 
to comply with hijackers’ requests and work to land the plane and negotiate can 
no longer be trusted. Flight crewmembers should assume the worst-case scenario 
if their aircraft is hijacked and take whatever action is necessary to defend the 
flight deck from intrusion and takeover. Although most corporate pilots know 
their passengers personally, and the passengers may be the employers of the flight 
crew, there are instances where a hijacking could occur. A hijack could be 
attempted by someone who has duped a corporate officer into being allowed onto 
the plane or by a disgruntled company employee who is on the authorized passen- 
ger list. With the increase of fractional operators, the pilots may not know whom 
they are carrying as much as a corporate flight crew who is flying the boss’s 
plane. An aircraft could also be taken over while it is still on the ground as the 
flight crew makes its departure preparations. 
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FLIGHT CREW TRAINING 


Flight crew personnel should receive self-defense training and conduct exercises 
in how to handle a hijacking attempt. After 9/11, some corporate flight crewmem- 
bers were carrying their own personal firearms for protection. Local regulations 
will govern this procedure, as the federal regulations do not address the carriage 
of firearms in an aircraft under a Part 91 operation. 


OTHER SECURITY PRACTICES 


Other security practices for corporate operators include the establishment of con- 
tingency plans for unattended items, bomb threats, hijackings, and theft attempts. 
Corporations should conduct regular security awareness training for flight crews 
and passengers and exercises and simulations for certain aircraft incidents. 


NBAA TSA ACCESS CERTIFICATE PROGRAM 


A major benefit to corporate flying is the ability to access more than 5000 US 
public-use GA airports instead of being restricted to 450 commercial service 
airports. After 9/11, the US government put tight restrictions on access to 
US airports by GA aircraft coming into the United States from foreign locations. 
To alleviate the problem, the NBAA pioneered the TSA Access Certificate 
(TSAAC) program. TSAAC allows operators under Title 14 CFR Part 91 (Private 
Operator/Owner) to fly internationally without having to pass through a “portal” 
country as outlined in FDC 2/5319. Presently, the portal countries include 
Canada, Mexico, the Bahamas, England, Scotland, Wales, and Northern Ireland. 
Under the current pilot program, aircraft operators with a TSAAC certificate may 
fly out of three airports: Teterboro, NJ, Morristown, NJ, and White Plains, NY. 
According to the NBAA web site, on August 23, 2006, the FAA issued 
NOTAM 6/7435, which allows operators of aircraft under 100,309 MGTW to fly 
internationally without having to pass through a portal country (NBAA, 2006). As 
a result, operators meeting the requirements of this NOTAM no longer need to 
request waivers or obtain a TSAAC to avoid passing through a portal country. 


DCA ACCESS STANDARD SECURITY PROGRAM 


Section 1562.21 applies to aircraft operations into or out of Ronald Reagan 
Washington National Airport (DCA). It applies to FBOs located at DCA or gate- 
way airports, the aircraft operator security coordinator and crewmembers, passen- 
gers, and ASOs on the GA aircraft. This section does not apply to medical 
evacuation flights, commercial service or military flights, or all-cargo operations. 
To operate into and out of DCA, aircraft operators must designate a security 
coordinator who must have passed a CHRC/STA and implement the DCA Access 
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Standard Security Program. Flight crewmembers are required to pass a CHRC/ 
STA and not have any airspace restriction violations on record with the FAA. 
The aircraft operator must provide passenger manifest information to the TSA at 
least 24 hours before a flight and an STA will be conducted on each. The aircraft 
operator may not carry a passenger into DCA who has not passed an STA. 

For any flight, an aircraft must fly directly from a designated gateway airport 
to DCA (no interim stops), and the operator must ensure that passengers and 
carry-on bags have been screened. Checked baggage and cargo must be screened 
and be inaccessible to the passengers throughout the flight. Aircraft operating out 
of DCA must be equipped with a cockpit door and ensure it is closed and locked 
at all times. Pilots must notify the National Capital Region Coordination Center 
before departure from DCA or a gateway airport into DCA. The TSA has the 
authority to inspect the aircraft and the security programs. 

Each flight must carry a federal air marshal or an ASO. The ASO program is 
administrated by the Federal Air Marshal Program. Each ASO must be qualified 
to carry a firearm and complete an STA and a CHRC. ASOs include active LEOs 
employed by a governmental agency and retired LEOs who are authorized to 
carry out the duties of an LEO. Other ASOs must meet the requirements deter- 
mined by the Federal Air Marshal Program. 

In addition to basic law enforcement training, each ASO must complete TSA- 
specific training related to operations into and out of DCA. Each has the authority 
to use force, including deadly force. ASOs may not drink alcohol or use intoxicat- 
ing or hallucinatory drugs during the flight and within 8 hours before the flight. 
ASOs must identify themselves to the flight crew before the flight. 

Each FBO operating out of or into DCA (ie, a gateway airport) must imple- 
ment an FBO security program, which includes designating a security coordinator, 
provisions to support the screening of persons and property, and the aircraft 
search for aircraft heading into or out of DCA. 


UNMANNED AERIAL SYSTEMS/UNMANNED AERIAL 
VEHICLES 


The successful use of UAVs and RPVs in military operations and some law 
enforcement operations has led the FAA to address the use of these technolo- 
gies in the US airspace system. Although, thus far, the industry has lagged sig- 
nificantly behind in both safety and security issues. The term UAV describes 
the actual vehicle that flies, whereas the term Unmanned Aerial System (UAS) 
describes all of the components required to operate the UAV, such as a ground 
control station, payload, datalink, and the vehicle itself (Fahlstrom and 
Gleason, 2012). 

While many people use the terms UAV and RPV interchangeably, the strictest 
definition of an RPV is when an operator at a remote site actually pilots a “true” 
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RPV; a “UAV” may both be piloted and programmed to perform autonomous 
missions. The UAV purist uses the term drone to describe something that flies in 
a dull, monotonous, and indifferent manner, such as a target drone. The word 
drone, however, has been widely adopted by the general public and the media 
alike and will most likely remain in use. However, to an airport operator, under- 
standing the differences in UAV technology is important as they relate to the 
impact of UAVs on airport operations (Fahlstrom and Gleason, 2012). 

The three classes of unmanned aircraft system operations are: (1) Civil, 
(2) Public, and (3) Model Aircraft. Each of these classes has its own waiver or 
exemption programs. The first exemption was made available to individuals oper- 
ating Model Aircraft—classified as flying craft weighing below 55 lbs. Larger 
UAV operators must receive a Certificate of Waiver or Authorization (COA) from 
the FAA to operate in civil airspace. The two classifications of COAs are civil 
operators or public operators. Civil operators are nongovernmental entities that 
typically operate a UAV for some commercial purpose, such as news reporting, 
surveillance, or surveying real estate. Public aircraft are operated by government 
organizations in operations such as search and rescue, law enforcement surveil- 
lance, and research activities. However, the significant challenge in UAV opera- 
tions is that no one is quite certain how the use of these devices will change our 
way of life, and few have thought about the security implications that go along 
with them. 

While it is unlikely that UAVs will operate out of busy, commercial service 
airports, it is likely that they will soon operate out of GA facilities, particularly 
airports with low levels of activity, or even droneports. One of the nation’s first 
known droneports is being established at Biggs Army Airfield in El Paso, TX, 
with design standards already published by the US Air Force. 

In 2013, the FAA completed a 10-month selection process to pick six test sites 
for UAV application, and all are GA facilities. Each airport was selected to partic- 
ipate in a particular component of the research including: 


. Standards for unmanned aircraft categories 

. Traffic control procedures and NextGen 

. Sense and avoid technologies, and airspace integration 

. Differing climates, airworthiness, and reliable data links 
. UAS failure mode testing. 
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SECURITY IMPLICATIONS OF UAV OPERATIONS 


Recently, an Airport Cooperative Research Project, Unmanned Aircraft Systems 
at Airports: A Primer, was developed to determine the potential use and impact 
on ATC systems, airport facility standards, environmental impact, safety manage- 
ment systems, and community outreach. The study notes that UAV security issues 
must also include a discussion of the security of the UAV system itself, if the 
information it gathers is highly confidential or if the UAS is experimental and 


Unmanned Aerial Systems/Unmanned Aerial Vehicles 


proprietary designs or information need to be protected (Neubauer et al., 2015). 
Unfortunately, the report did not extend to security threats posed by UAV 
operations, focusing instead on securing the UAV operation itself, while on 
airport property. 

The security threats from drone operations are multiple: 


1. A UAV could be used to conduct surveillance on airports or other high-value 
targets. 

2. A UAV could be purposely flown into a passenger aircraft. 

3. A UAV could be weaponized with a gun and used to attack high-value 
targets, passing quietly over the heads of security personnel and any security 
fencing or barriers. 

4. A UAV could be combined with an IED and flown into any number of 
targets. 

5. A UAV could be equipped with a chemical, biological, or radiological 
element and dispense the agent over an open air assembly, such as a stadium, 
park, or outdoor concert. 


A report by the Rand Corporation, published in 2008 noted that UAVs could 
be used to attack over the US borders from a neighboring country, for use as a 
cruise-missile, and to enable multiple simultaneous attacks (Jackson et al., 2008). 
Of the attacks listed in the Rand report, the UAV-as-cruise missile seems particu- 
larly threatening, as the US military has repeatedly demonstrated their utility in 
modern warfare, noting that many times cruise missiles are dubbed “the poor 
man’s air force.” 


UAVs and cruise missiles are most likely to be attractive in situations in which 
their aerial, long-standoff capability solves key operational problems an 
attacker faces in planning and mounting an operation. These systems appear 
most advantageous because they could make it easier for an adversary to do 
five main things: 1. attack over perimeter defenses 2. attack over national bor- 
ders 3. carry out multiple simultaneous attacks 4. conduct an attack campaign 
(a series of attacks over time) 5. attack area targets with unconventional weap- 
ons (Jackson et al., 2008, p. xv). 


The Rand report notes that many small, air-defense systems may not be as 
effective as other means, such as intelligence and law enforcement interdiction, 
long before an attacker achieves the capability to launch such a device. Airport 
police attempting to shoot down an incoming drone may be impossible due to the 
flight characteristics and low cross-section to hit. Plus, there is the risk of launch- 
ing ordinance into the air—the question must be asked, which is more devastat- 
ing, allowing the drone to hit its target, or having numerous LEOs firing shots 
into the air in an attempt to shoot it down. 

The majority of drones flying today constitute the small model aircraft cate- 
gory, which are unlikely to pose a threat to a facility, but could do harm to an 
individual or small group. Larger UAVs, Predator or Global Hawk size, would 
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be better platforms for a large explosive charge, and they have the benefit of 
more kinetic energy. From the airport operator’s perspective, the main deter- 
rence to the illegal use of drones for criminal or terrorist operations is to moni- 
tor UAV activities on and around their airport. The issue of defense-from- 
drones is still in its infancy. 





CONCLUSIONS 


This chapter analyzed various strategies for protecting GA airports and aircraft 
flight operations. Strategies for securing GA used by government and stake- 
holders to GA were presented. A key challenge to developing legislation, poli- 
cies, and processes for securing GA airports is that stakeholders have different 
perceptions regarding the nature of GA. GA operations can vary greatly in the 
types of aircraft used and purposes for GA flight operations. Congress and the 
TSA have focused GA security efforts on GA aircraft operators rather than GA 
airport operators. GA aircraft operations are regulated under Title 49 CFR Part 
1550 for those aircraft operators conducting charter operations with aircraft in 
excess of 12,500 lbs MGTW or aircraft operators whose passengers deplane 
into a sterile area. In 2008, the TSA began working on the LASP, which may 
result in security regulations for GA aircraft private operations conducted under 
Title 14 CFR Part 91. 

The DHS has expressed concern that a GA aircraft could be used as a WMD 
or to transport dangerous individuals or materials into the United States. 
However, the TSA has stated that the small size, lack of fuel capacity, and mini- 
mal destructive power of most GA aircraft make them unattractive as a WMD. 
Frustrated with what was perceived as a lack of effort in GA security, Congress 
included in the 9/11 Act language requiring the TSA to assess the threat and 
vulnerabilities of GA airports by August 2008. 

Government agencies recommend that GA airport operators use security strat- 
egies such as perimeter fencing, security patrols, and airfield access control sys- 
tems. GA airport operators should also create a security plan that includes an 
emergency locator map and procedures for handling bomb threats and suspected 
stolen or hijacked aircraft. Some US states require GA airports to conduct vulner- 
ability assessments by different security agencies. 

The TSA and the FAA are challenged to allocate significant levels of funding 
for GA security enhancements because of security demands of commercial avia- 
tion and other modes of transportation. The TSA does offer a Secure Fixed-Base 
Operator Program allowing FBOs to check passenger and crew identification 
against manifest or eAPIS filings for positive identification of passengers and 
crew onboard GA aircraft. 

Without regulatory guidance, the creation of ASPs for GA airports will con- 
tinue to be challenging. Although policies and legislation are debated regarding 


Conclusions 


GA security issues, most GA airport operators will continue to use commercial 
service ASPs as models for enhancing security at GA airports. 

Despite the ability of individuals to access GA airports and aircraft, along 
with the potential use of aircraft as weapons, a key question remains: why have 
terrorists not yet attacked using GA aircraft? The answer may lie in the logistics. 
John Mueller and Mark Stewart, authors of Chasing Ghosts: The Policing of 
Terrorism, assert that many would-be terrorists are operationally unsophisticated, 
short on know-how, prone to mistakes, poor at planning, and limited in their 
capacity to learn (Mueller and Stewart, 2016, p. 137). 

Even the 9/11 hijackers were not all that sophisticated or extraordinarily intel- 
ligent. As noted by Mueller and Stewart (2016, p. 140—141), the lead hijacker, 
Mohammed Atta, nearly missed his flight that morning and left behind a suitcase 
filled with personal information, while two of the other pilot/hijackers were poor 
pilots at best. Another trainee was so transparent that within 2 days of his flight 
training, his flight instructor reported him to the FBI as a suspected terrorist. 
Terrorists may feel that using GA to attack the United States would not cause the 
damage (or personal significance) the terrorists desire or are, so far, too incompe- 
tent to attempt. 





GA SECURITY 


Rosemary Rizzo, A.A.E., ACE 


When most people think of aviation security they think of large airports and long TSA lines, but 
aviation security is much more than that. It is not only about the passengers and baggage; it is 
about protecting the aircraft itself, the cargo, the flight crew, students, and the staff at the airport. 
One segment of the industry that many times gets brushed over is GA, unless of course you see 
thefts reported in the local news or headline news like the “Barefoot Bandit.” 

GA is all of the flights that are not scheduled air service or military and range from hot air 
balloons to private and corporate jets. Because there is such a broad spectrum of operations and 
users, GA security is not regulated, and one solution does not fit all airports. The TSA has 
published guidelines to assist airport owners and operators in evaluating and assessing their risks 
in order to implement a plan that best meets their individual security needs. 

First and foremost you should take the time to use those TSA guidelines and any State 
guidelines to identify any potential risks or hazards and then create a plan to mitigate them. That 
plan should include a layered approach to security at the airport. I am sure you have read and 
heard about taking a layered approach several times now and are thinking “I get, can we move on 
now,” but this is important and it will not be the last time you hear about it. 

Part of the plan you create should include educating your airport tenants and users. This may 
take some time but in the end your airport users are an extension of your eyes and ears and can be 
a great asset to your security program. They can also provide you with valuable input as you put 
your plan together if you choose to discuss it with them. You can also incorporate programs like 
AOPA’s Airport Watch, which is already established. Analyzing your risks and creating a plan 
can be one of the most affordable options you can choose to do for security at your airport. 

Managing security at your airport can be very costly if you buy into every new technological 
advance, but fortunately some technologies such as security cameras have become much more 
affordable. Even if you are not able to install cameras to see every inch of the airport you can use 
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them in critical areas such as: aprons, fuel facilities, chemical storage, and parking lots. You can 
also look into State and local grants that may help you pay for security tools and measures such 
as fencing, gates, and cameras. 

As previously stated, every airport is different so as an airport manager it is your job to 
determine what is best for your airport. Airport security is most likely a concern for your tenants 
and users and it should be a priority for you. Starting with a simple plan and expanding from 
there could potentially help you prevent criminal acts from occurring at your airport and 
impacting your operations and liability. 
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OBJECTIVES 


This chapter examines issues related to aircraft operator security along with risks 
and processes associated with air cargo. An overview and assessment of the vulner- 
abilities of aviation systems in relation to air cargo is also discussed. Policies, 
methods, and regulations are examined for managing security within the air cargo 
supply train. The 9/11 bill, along with Title 49 CFR Part 1548 Indirect Air Carrier 
Security legislation, is examined in relation to air cargo security. We also look at a 
synopsis of where air cargo security is today and examine concerns regarding future 
legislation and methods for managing air cargo security. 


INTRODUCTION 


The business and logistics for supporting air cargo is a highly complex system of 
global infrastructure that is subject to risk from crime and terrorism. The US 
Government Accountability Office (GAO) describes the nature of air cargo as 
follows: 


Air cargo includes freight and express packages that range in size from small 
to very large, and in type from car engines, electronic equipment, machine 
parts, apparel, medical supplies, human remains, to fresh-cut flowers, fresh 
seafood, fresh produce, tropical fish, and other perishable goods. Cargo can 
be shipped in various forms, including in unit-loading devices, wooden crates, 
assembled pallets, or individually wrapped/boxed pieces, known as break bulk 
cargo.' 

GAO, 2005, October, p. 9. 


In 2010, an attempt was made to bomb commercial airliners using explosive 
devices hidden in computer print cartridges shipped as air cargo. This effort in 
terrorism, commonly referred to as the Yemen air cargo plot, brought to public 
attention that air cargo is vulnerable as a target for terrorism. The Yemen air 





‘Break bulk cargo includes packaged loose cargo such as cartons or boxes. Bulk cargo includes 
unpackaged loose cargo such as grain and is rarely shipped via air. Break bulk cargo comprises 
nearly 60% of all air cargo shipped on commercial airliners. 


Practical Aviation Security. DOI: http://dx.doi.org/10.1016/B978-0-12-804293-9.00010-2 
© 2016 Elsevier Inc. All rights reserved. 
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cargo plot was the first known terrorist activity using scheduled air cargo service 
as a mode for implementing an attack. Many in the air cargo industry noted that 
the attack caused them to pay more attention to air cargo security, and that today, 
as a result of the failed attack, aircraft are much better protected from a bomb 
being introduced to the cargo hold (Woods, 2015). 

Most shipping customers assume that express or overnight delivery always 
utilizes air cargo service. However, only a small percent of packages travel by air 
and an even smaller amount is placed on a passenger-carrying plane as cargo. 
These small percentages still represent over 10.5 million tons of cargo shipped by 
air every year within the United States. Of that capacity, over 8 million tons are 
shipped as cargo on international flights to and from the United States, along with 
over half a million tons of mail (Elias, 2010). 

All-cargo air carriers focus on the transportation of cargo and usually do not 
carry paying passengers.” However, passengers on all-cargo aircraft are known as 
supernumeraries and are subject to background vetting as prescribed by the 
Transportation Security Administration (TSA). The US GAO estimated that at least 
22% of a US passenger airliner’s hold is, on average, cargo, with the remaining 
cargo transported by all-cargo aircraft. The vast majority of air cargo, more than 9 
million tons, is transported each year (FY 2000 average) by all-cargo operators, 
such as FedEx, UPS, and DHL. The remaining 2 million plus tons are carried by 
passenger carrier aircraft, right beneath the passenger cabin floor (GAO, 2002). 
Passenger planes often specialize in carrying “just-in-time” cargo, which consists of 
perishable items such as seafood and flowers or high-value fragile items like 
computers, jewelry, and artwork. Manufacturers also rely on just-in-time air cargo 
shipments to reduce inventory costs and stay competitive in global markets 
(Airforwarders, 2006). The individual size and weight of items carried as air cargo 
are usually smaller and lighter as compared to cargo carried by rail, vessel, or truck. 
Air cargo is usually needed at the destination more quickly than alternative forms 
of transportation. 

The three primary risks associated with terrorism that apply to the air cargo 
industry are as follows: 


1. Hijacking an all-cargo aircraft and using it as a weapon of mass destruction. 

2. Introducing an explosive to a passenger-carrying aircraft via the air cargo 
supply chain. 

3. The illicit shipment of weapons, explosives, or chemical, biological, 
radiological, and nuclear agents via air cargo. 


The industry has already experienced examples of the first two types of threats 
with the Yemen air cargo bombs in 2010 and in 1994 when a former FedEx 
employee attempted to hijack a FedEx flight for the purpose of crashing into the 
ground. Other security risks include theft and smuggling and shipment of 





?Passengers are occasionally carried on all-cargo airlines to accompany cargo such as human 
organs, animals, or perishable high-value items that need constant monitoring and attention. 


Terrorism and Crime in Air Cargo 


undeclared or undetected hazardous materials aboard an aircraft (Elias, 2010). 
Since 9/11, two Congressional acts have attempted to address the security of air 
cargo: the Implementing the Recommendations of the 9/11 Commission Act 
(2007) and the National Intelligence Reform Act (2004). 


TERRORISM AND CRIME IN AIR CARGO 


In 1979, Ted Kaczynski (aka, the Unabomber) placed a bomb in the hold of an 
American Airlines passenger aircraft in a parcel shipped via US mail. Other 
bombs had previously been placed in cargo holds in the early 1970s. Kaczynski’s 
bomb failed to detonate and began smoking, which alerted the flight crew. The 
flight crew immediately landed the aircraft without further incident. Although his 
identity was not known at the time, Kaczynski was also responsible for mailed 
bomb attacks to university professors. The Federal Bureau of Investigation (FBI) 
suspected that the attempt on American Airlines was implemented by the same 
suspect that had attacked the university professors. Therefore, the FBI nicknamed 
the suspect the Unabomber—based on the acronym UNABOMB, which stood for 
“university and airline bomber.” 

After 9/11, the Aviation and Transportation Security Act of 2001 (ATSA, 2001) 
required the federal government to provide for “the screening of all passengers and 
property, including US mail, cargo, carry-on and checked baggage, and other 
articles, that will be carried aboard a passenger aircraft operated by an air carrier or 
foreign air carrier in air transportation or intrastate air transportation” (ATSA, 
2001). Foreign air carriers operating within the United States must abide to 
All-Cargo International Security Procedures (ACISP). 

ATSA (2001) also specified that “a system must be in operation to screen, 
inspect, or otherwise ensure the security of all cargo that is to be transported in 
all-cargo aircraft in air transportation and intrastate air transportation as soon as 
practicable after the date of enactment of the Aviation and Transportation 
Security Act’ (ATSA, 2001). However, this language was not interpreted to 
require physical screening or inspection of cargo shipments; rather, the TSA 
relied on the use of the Known Shipper program to prevent the introduction of 
unknown sources aboard passenger aircraft (Elias, 2010). 

Air cargo security continued to be a national security concern when, in 2003, 
the Department of Homeland Security (DHS) issued warnings that al-Qaeda might 
be plotting to fly cargo planes from overseas into US targets, such as nuclear 
power plants, bridges, and dams. Also in 2003, Charles McKinley hid in a ship- 
ping crate and mailed himself by air on a cargo flight from Newark, NJ, to 
Dallas, TX, to visit his parents (CNN, 2003). He miraculously survived the trip, 
was arrested, charged, and served a year in prison. In Feb. 2004, three individuals 
shipped themselves in a shrink-wrapped pallet on an all-cargo flight from Santo 
Domingo, Dominican Republic, to Miami, FL. They were caught in a warehouse 
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at Miami International Airport. In Aug. 2004, a woman shipped herself in a cargo 
crate from Nassau, Bahamas, to Miami, FL. Both incidents again spotlighted the 
apparent lack of security in the air cargo industry (GAO, 2005). 

Critics of the lack of air cargo security underscored that the preceding 
incidents demonstrated how easily a weapon, bomb, or even a terrorist could be 
transported by air cargo. Prior to 2010, many aviation security experts had 
predicted nonpassenger-related air cargo would become a target for terrorists 
because of the traditionally fewer screening requirements for air cargo, combined 
with the improvements made in passenger and baggage screening. As stated in a 
2003 report to Congress: While using cargo as a means to place explosive or 
incendiary devices aboard aircraft has historically been rare, heightened screening 
of passengers, baggage, and aircraft may make cargo a more attractive means for 
terrorists to place these devices aboard aircraft in the future (Elias, 2008, p. 8). 

Some have speculated that the somewhat unpredictable nature of logistics in 
the air cargo supply chain may in some cases reduce the probability of success to 
anyone attempting to place a bomb onboard a commercial aircraft via air cargo 
(Fig. 10.1). However, the probability of continued use of air cargo as a mode for 
terrorism is significant since even a failed attack, such as the Yemen air cargo 
plot, can have a significant economic impact on society. 
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FIGURE 10.1 


Flow of cargo from shipper to air carrier. The top path represents shipping via an IAC 
(ie, a freight forwarder or airforwarder). The bottom path represents a direct shipping 
operation. 


From Government Accountability Office. 


Terrorism and Crime in Air Cargo 


Placement of an improvised explosive device (IED) onboard an all-cargo 
aircraft for the purpose of destroying the flight and thus harming the economy 
was originally part of the 9/11 attacks. That strategy was rejected by Osama bin 
Laden as he felt it was an unnecessary complication to the plan. The fact that 
al-Qaeda considered bombing all-cargo carriers demonstrates that terrorists 
understand the significant impact air cargo has on the global economy. In the 
following passage, the TSA agrees that air cargo will be a threat to commercial 
aviation: 


It has been reported that TSA considers the likelihood of a terrorist 
bombing of a passenger airplane to be between 35% and 65% based on 
year-old intelligence reports, and TSA believes that cargo is either likely 
to become, or already is, the primary aviation target for terrorists in the 
short term. 

Elias, 2008, p. 5 


According to Inspire, an al-Qaeda propaganda publication, the cost to al-Qaeda 
of the Yemen air cargo plot was about $4200, whereas the United States has spent 
billions in attempting to secure the air cargo supply chain. The predictions of 
security experts were accurate when two explosives were introduced to the aviation 
supply chain out of Yemen. 

In 2006, finalized rulemaking of the Air Cargo Security Act established the 
Full All-Cargo Aircraft Operator Standard Security Program (FACAOSSP) and 
the Indirect Air Carrier Standard Security Program (IACSSP). The act specifi- 
cally required security threat assessments (STAs) for individuals handling air 
cargo, and criminal history record checks (CHRCs) and STAs for individuals 
working in cargo operations areas with access to aircraft. The rulemaking also 
required airports to make their cargo areas secure identification areas (SIDAs) 
and aircraft operators the final responsible party for what is carried on their 
aircraft. Remissions for this act were that it did not require CHRCs for aviation 
workers with unescorted access to all-cargo aircraft, ramps, and cargo, but instead 
gave priority to the use of STAs as a means to mitigate CHRCs and other risks. 
Also, the act did not require training of crewmembers in the all-cargo common 
strategy plan as is required in passenger airline domain. Additionally, no require- 
ments for reinforced flight deck doors were specified (as in passenger airline 
operations) and, perhaps most important, no requirement for inspection of cargo 
loaded on all-cargo aircraft was stipulated. 

Unfortunately, major cargo and baggage theft rings have been uncovered at air- 
ports throughout the United States and the smuggling of contraband, counterfeit, 
and pirated goods has also been a problem for air cargo security. A large portion of 
air cargo crime is committed either by cargo workers or with the assistance 
of cargo workers, so increased security of cargo operations areas and improved 
background checks of cargo workers may help reduce crime and terrorism 
associated with air cargo (Elias, 2010). The USA PATRIOT Act required the US 
Department of Justice to establish a separate category for cargo theft in the 
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Uniform Crime Reporting System and also refines relevant statues and increases 
criminal penalties for cargo theft and stowaways (Elias, 2010). 

In 2007, the Implementing the 9/11 Commission Recommendations Act (known 
as the 9/11 Act) was signed into law. This required the DHS to establish 100% 
screening of cargo transported on passenger aircraft and further clarified that 
screening in this context means the physical examination or use of other 
nonintrusive methods (eg, X-ray, explosive detection system (EDS), explosive trace 
detection (ETD), K-9) (Elias, 2010). The legislation mandated an interim milestone 
to screen 50% of all cargo by 2009. The goal is eventually to screen 100% of 
all cargo carried on passenger aircraft both domestically and internationally. 
The Certified Cargo Screening Program (CCSP) and several other programs have 
been created by the TSA to meet these objectives. One focus has been to look at 
screening cargo at various points throughout the supply chain, rather than just at 
the airport. 

Historically, terrorists select specific targets for specific reasons, thereby 
making the element of time and scheduling important to the success of the attack. 
When using an indirect air carrier (IAC), the shipping party most likely will not 
know what schedule or flight the cargo will be shipped on, which makes targeting 
a specific flight or targeting any passenger aircraft difficult. IEDs that use timing 
devices may also not be as effective, as there is no guarantee when the cargo will 
move from the air carrier sorting facility to the aircraft, or whether it is on a 
passenger aircraft or an all-cargo flight. IEDs detonated with a barometric trigger’ 
provide some assurance that the bomb will detonate in flight—again, there is no 
guarantee what flight the bomb will be on. Conceivably, terrorists could place 
bombs in air cargo with barometric trigger switches and not care what flights are 
attacked, which, as we have learned, may be a viable strategy for certain 
outcomes, such as social fear and general economic impact or increased spending 
for new security measures by governments. 

The cargo areas of a commercial airliner are hardened for structural and safety 
reasons. Additionally, aircraft cargo areas have relatively large objects of mass 
that can buffer an explosion. Therefore, a bomb of sufficient force is needed to 
cause serious damage or destruction. This usually requires a device that is more 
easily detected by screening technology. Bombs created for detonation in the 
passenger cabin do not have to be as big, as the bomber can ensure the device is 
placed right next to the skin or window of an aircraft. 

Prior to 9/11, methods and policies related to air cargo security did exist. 
While most air cargo was not inspected using methods similar to those used 
for checked-baggage screening, the TSA had taken the following steps: 


1. Issuing security directives and information circulars to air cargo entities. 
2. Required air cargo operators to have security programs. 





3An instrument that detonates a bomb once the aircraft achieves a specified barometric altitude. 
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3. Adopted an internal air cargo strategic plan to provide guidance for the future 
of air cargo security. 

4. Initiated a new cargo profiling system to identify high-risk freight. 

5. Convened the Aviation Security Advisory Committee (ASAC) Working Group 
and a Freight Assessment System (FAS) Working Group to develop ways to 
identify suspect air cargo. 

6. Increased funding for air cargo security research and the development of 
advanced inspection technology. 


Since 9/11, the air cargo industry has taken proactive measures to further 
secure air cargo. These initiatives include the following: 


1. Participated in the TSA’s ASAC Working Group offering its facilities as 
test-beds for new inspection technologies and security programs. 

2. Advocated the use of canines for inspections. 

3. Maintained barriers to protect the flight decks of all-cargo aircraft. 

4. Implemented many of the ASAC Working Group recommendations without 
waiting for TSA mandates. 


THE NATURE OF AIR CARGO 


To better understand challenges to managing security as related to air cargo, it is 
necessary to understand the complex nature of the air cargo supply chain. 
Commercial service airlines carry passengers along with some amount of baggage 
and cargo in the hold of the aircraft, which is provided by either a direct shipper or 
a freight forwarder. Some companies, such as pharmaceutical firms, fresh food, and 
fresh flower/plant companies that rely on short delivery cycles contract directly with 
the passenger airlines and are known as direct shippers. A direct shipper is not in 
the business of shipping goods, but must ship them as part of their business model. 
By contrast, freight forwarders are businesses that act as transportation agents to 
companies desiring to ship cargo by air. Freight forwarders make their money by 
shipping goods for other companies. Freight forwarders manage the logistics of 
picking up, shipping, and dropping off packages on behalf of their customer. 

An IAC is a freight forwarder that solicits or receives freight from other 
companies and consolidates the cargo into larger shipping units for air transport. 
TACs usually provide pickup and delivery of the freight from the shipper to the 
recipient and frequently use vehicles, vessels, and rail to move some freight. 
Freight forwarders must have an IACSSP and are part of the Indirect Air 
Carrier Management System, which the TSA uses to approve and validate new 
and existing [ACs. Freight forwarders are also known as airforwarders and are 
characterized by the Airforwarders Association as follows: 


Airforwarders are best understood as “travel agents for cargo” as they schedule 
the movement of cargo using other company’s planes. Airforwarders can be very 
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large businesses responsible for moving big shipments for companies like IBM or 
the Department of Defense, or small, family-owned companies that move cargo 
through their region. Airforwarders, who can also be referred to as freight 
forwarders or indirect air carriers (IACs), were traditionally responsible for 
organizing the travel of cargo from Point A to Point B. Today, however, 
airforwarders are tasked with the planning, oversight and responsibility for trans- 
porting companies’ goods and products—anything from flowers and seafood to 
pallets of humanitarian supplies—from one end of the supply chain to the other. 
The parameters of this job include steps such as pick up of goods, customs 
clearance, transportation, warehousing, regulatory compliance and delivery. 
Airforwarders, 2006, p. 1 


Companies who utilize airforwarders typically have cargo requiring transporta- 
tion directly to a customer or in less time than a traditional overnight all-cargo 
operator can provide (eg, fresh seafood or perishable medical supplies). 
Airforwarders must ensure cargo is screened and secure throughout the supply 
chain. Airforwarders accept cargo at their facilities or pick it up from the customer 
and deliver it to the air carrier facility. The aircraft operator (passenger air carrier 
or all-cargo) then takes receipt of the cargo, loads it on an aircraft, and flies it to 
the desired location. The cargo is then picked up by an agent of the airforwarder 
and transported to the final destination (Airforwarders, 2006). 

The screening and inspection of cargo is a serious issue with significant finan- 
cial ramifications should the system be disrupted by attack or overly burdensome 
regulatory processes, as described in the following: The air cargo system consists 
of a large, complex distribution network linking manufacturers and shippers to 
freight forwarders to airport sorting and cargo-handling facilities where shipments 
are loaded and unloaded from aircraft. Business and consumer demand for fast, 
efficient shipment of goods has fueled the rapid growth of the air cargo industry 
over the past 25 years. In fiscal year 2001, about 13.9 billion revenue ton miles 
(RTMs) of cargo were shipped by air within the United States, and another 
14.5 billion RTMs of cargo were shipped by air on international flights to and 
from the United States. It is estimated that air cargo shipments will increase by 
49% domestically and by 86% internationally over the next 10 years. In 1999, air 
cargo comprised about 0.4% of all freight movement in the United States. While 
this percentage may seem small, it is much greater than the 0.07% of freight that 
traveled by air in 1965, indicating that not only is the volume of air cargo increas- 
ing significantly, but so is the percent of total freight movements that travel by 
air. Also, cargo shipments by air comprise a significant percent of the total value 
of cargo shipments. In fact, in 2000, air cargo accounted for 29.7% of interna- 
tional trade by value, surpassed only by maritime shipping which accounted for 
37% of the import/export value of cargo (Elias, 2008, p. 1). 

To address adequately concerns related to air cargo security, all elements of 
the air cargo supply chain must be considered. From the time an item is sealed 
and sent out, the integrity of the item must be maintained while it is moved to the 
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airport (or possibly an interim warehouse facility if the item is being moved via a 
freight forwarder). The security of the cargo must be preserved as it is moved 
from the truck to the air cargo sorting facility and, finally, to the aircraft. 

How air cargo should be screened has been a topic of debate internationally 
for several years and domestically since 9/11. Some have suggested that an 
expedient solution is to screen all cargo placed on commercial aircraft just like 
baggage is screened. However, this solution is not practicable. To do so would 
cost billions of dollars and bring air cargo operations to a halt, as noted in a 2003 
Congressional Research Service report on air cargo security: 


Given the sheer volume of cargo that must be expediently processed and loaded 
on aircraft, experts generally agree that full screening of all air cargo, as is now 
required of checked passenger baggage, is simply not feasible with available 
screening technologies and procedures. In fact, it has been reported that TSA 
computer models estimated that if full physical screening is implemented, only 
4% of the daily volume of freight at airports could be processed due to the 
time that would be required to breakdown shipments, inspect them, and reassem- 
ble them for transport. Currently, less than 5% of cargo placed on passenger 
airplanes is screened. TSA staff have recently made recommendations to 
increase these inspections to 5%, acquire at least 200 additional explosive trace 
detectors system wide to support this effort, and conduct focused audits at freight 
forwarder and air cargo operations facilities. 

Elias, 2008, p. 2 


In 2005, the GAO assessed the TSA’s progress in developing and implementing 
proposed security measures and developing a system to target and inspect higher 
risk cargo. Both the TSA and US Customs and Border Protection agencies were 
involved. In 2006, the TSA was in the process of developing an FAS, which is a 
component of its air cargo database that is used to identify high-risk cargo (GAO, 
2005). In 2004, the TSA initiated testing on using EDSs (the same systems used to 
inspect checked baggage) to inspect break bulk cargo at Ted Stevens Anchorage 
International Airport in Alaska, Atlanta Hartsfield-Jackson International Airport in 
Georgia, Chicago O’Hare International Airport in Illinois, Dallas/Fort Worth 
International Airport in Texas, Los Angeles International Airport in California, and 
Miami International Airport in Florida. The testing was expanded to include the 
inspection of mail and some all-cargo operations. Initial testing demonstrated that 
the inspection by EDS of break bulk cargo and mail is feasible, but there were 
certain technological limitations such as false alarm rates that had to be resolved 
using ETD equipment. 

In 2005, the TSA’s air cargo strategic plan included the following four major 
components: 


1. Enhancing the Known Shipper program. 
2. Establishing a cargo prescreening system that identifies and inspects high-risk 
cargo. 
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3. Instituting major air cargo research and development programs. 

4. Partnering with airlines and others to implement additional measures such as 
enhanced background checks on persons with access to cargo and new 
procedures for securing aircraft between flights. 


The TSA committed $85 million in research and development to enhancing 
air cargo safety. The TSA established the following allocations: 


1. $26 million to evaluating EDSs and operating test programs at several 
airports. 

2. $21.5 million for research and development to identify how current 
technologies can be applied to air cargo. 

3. $7.5 million for research and development to identity existing technology that 
can be used to build automated inspection systems for US mail. 

4. $30 million to develop new technologies for inspecting cargo for explosives 
and radiation, chemical, and biological agents. 


Part of the TSA’s research and development program studies the feasibility 
of alternate inspection systems. Some systems feature additional trace element detec- 
tion systems that can detect explosive substances by sampling air molecules within 
break bulk cargo packages and shipping containers. Other systems use quadruple res- 
onance imaging, or high-energy computed tomography, which can generate three- 
dimensional images of oversized boxes and palletized cargo and containers. 
Backscatter X-ray, Terahertz spectrometer-based trace detection that detects residues 
based on spectrum analysis, and nuclear detection systems that measure radioactive 
elements and ratios within a container are also in development. 

The benefit of shipping cargo by air is the ability to move an item much faster 
than by land or sea transportation. Therefore, the ability to facilitate ground 
vehicles that have to deliver and pick up packages through the airport cargo facili- 
ties in a short time is essential. Although it may only take a minute or two to run 
packages through an EDS or to run trucks through a backscatter X-ray system, 
each minute adds additional time to loading and unloading and thus additional 
delays. Over the course of an hour, these minor delays will add up to a significant 
overall delay. This is the reason the air cargo industry and the government strive to 
identify high-risk cargo for inspection rather than inspecting all cargo. 


KNOWN SHIPPER PROGRAM 


Historically, the primary air cargo security program has been the Known Shipper 
program, a by-product of the 1996 Gore Commission report and a mainstay air 
cargo security program (called registered agent) internationally. A known shipper 
was originally based on the airline knowing the shipper through the course of 
business and being approved by a particular airline to ship cargo on that airline. 


GAO on Air Cargo 


Before 9/11, each airline had its own protocols for known shippers. In most cases, 
a representative of the airline would physically visit and inspect the shipper’s 
facility, which could be anything from a large warehouse in the industrial district to 
the basement of someone’s house. Once approved by the airline, the shipper could 
then ship on that airline. However, the shipper had to repeat the same protocol with 
each airline used to transport air cargo. 

After the air cargo security changes in 2006, the TSA began developing the 
Known Shipper Data Management System (KSMS). Through this system, the TSA 
took over the vetting process including facility inspections and compliance with 
security programs. Known shippers are kept in a centralized database whereby the 
TSA can conduct further background and intelligence database checks. The 
shipping industry no longer needs to be approved to do business on each air carrier, 
as once a shipper is approved by the TSA and added to the KSMS, any airline will 
be able to accept that shipper’s goods (P. Hamilton, assistant general manager, Air 
Cargo Programs, TSA, personal communication, 2006). Since 2008, the TSA has 
processed more than 1.4 million entities through the KSMS. 


GAO ON AIR CARGO 


The GAO issues reports on air cargo security and the ability of the TSA to meet 
established US government mandates. A GAO (2002) report noted that in a TSA 
investigation, inspectors found numerous security violations by freight forwarders 
and air carriers, both of which are required under federal relations to have security 
programs. The second area of vulnerability included tampering with cargo during 
transport by vehicle to the airport or at the cargo-handling facilities. The report 
stated that cargo theft has been a major problem with the industry, accounting for 
more than $10 billion in losses from all forms of transportation annually. For 
example, in one notable incident at Brussels, Belgium, airport in 2001, thieves 
stole $160 million in diamonds from a Lufthansa aircraft (Price, 2003). The losses 
generated by theft within the air cargo community also demand that aircraft 
operators pay significant attention to protecting the air cargo supply chain. 

The GAO (2002, p. 3) recommends a three-phase strategy called a risk manage- 
ment approach to air cargo security. Phase 1 is to conduct a threat assessment identify- 
ing potential threats to air cargo, phase 2 is to conduct a vulnerability assessment to 
identify weaknesses that may be exploited, and phase 3 is to conduct a criticality 
assessment that prioritizes security assets and functions and identifies what systems, 
methods, or procedures are vital to securing air cargo. From these efforts, the GAO 
made a series of recommendations to enhance cargo security, which included the 
following: 


1. Use radio frequency electronic “seals” to secure cargo—this technology 
transmits an alarm if the container has been compromised. 
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2. Develop or use a variety of systems capable of detecting weapons of mass 
destruction, including X-rays, radiation, trace and vapor detection systems, 
and greater use of canines. 

3. Use pressure chambers to detect and detonate on the ground any explosive 

device with a barometric trigger. 

Develop blast-hardened containers to store cargo within the aircraft. 

Use access control biometric technology to ensure only authorized persons are 

able to handle cargo. 

Use GPS tracking systems to track cargo throughout the transport. 

Use closed-circuit television to monitor the loading of cargo into the aircraft. 


as 


> 


The GAO also recommended better operational practices to improve air cargo 
security, including cargo profiling, identification cards, background checks 
for personnel handling cargo, and employing qualified security officers at cargo 
facilities. Many of these recommendations would be reflected in the TSA’s 
ASAC, which in 2003 focused on air cargo security issues. 

In 2005, the GAO (2005) published another report in response to US 
Congressional inquiries about the progress and status of air cargo security. The 
report focused on the GAO’s investigations of three areas: 


1. To what extent has the TSA implemented a risk-based management approach 
to air cargo security? 

2. What actions has the TSA taken to ensure the security of air cargo and what 
may limit their effectiveness? 

3. What are the TSA’s plans for enhancing air cargo security, and what 
financial, operational, and other challenges do the TSA and industry 
stakeholders face in implementing these plans? 


The GAO report determined that although the TSA had completed a risk- 
based strategic plan, it had not completed risk assessments for air cargo security: 


TSA established an automated Performance and Results Information System 
(PARIS) to compile the results of cargo inspections and the actions taken when 
violations are identified. Our [GAO] analysis of PARIS inspection records shows 
that between January 1, 2003, and January 31, 2005, TSA conducted 36,635 cargo 
inspections of air carriers and indirect air carriers and found 4,343 violations. 
GAO, 2005, p. 38 


The GAO did note that the largest number of violations cited was for failing 
to adhere to the indirect air carrier security program. The second largest number 
of violations issued was for not properly documenting air cargo procedures. 
The GAO also noted that the third largest violation fell into the “other” category 
(Fig. 10.2). This category is used for issues not easily categorized in the violation 
fields of the agency’s PARIS database. The study did show that failing to 
properly inspect cargo had the lowest number of citations. 
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Violation area 
aAccording to TSA officials, “other” includes information on violations not specifically identified 
in the agency’s PARIS database. 


FIGURE 10.2 
Top 10 areas in which violations were found during air cargo inspections for the period 
Jan. 1, 2003, to Jan. 31, 2005. 


From Government Accountability Office. 


The TSA is currently developing a system to compare information on air cargo 
shipments and the PARIS databases against certain targeting criteria to assign a risk 
level (GAO, 2005). Cargo identified as posing a higher risk will then be subjected to 
higher levels of scrutiny and inspection or possibly not carried by aircraft at all. 


AVIATION SECURITY ADVISORY COMMITTEE: AIR CARGO 


In 2003, the ASAC Working Group, which included organizations such as the 
Airline Pilot Association, the Cargo Airline Association, the Airforwarders 
Association, the American Association of Airport Executives (AAAE), the FBI, 
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the National Air Transport Association, the Air Transport Association, the 
National Customs Brokers and Forwarders Association, and the US Postal 
Service, studied concerns related to air cargo security. The ASAC Working 
Group recommended security enhancements to address various risks associated 
with air cargo. The result was 40 separate recommendations that would eventually 
form the basis of the TSA’s air cargo security rulemaking. 

The committee focused on three broad-based security areas: shipper accep- 
tance procedures, IAC security, and security of the all-cargo aircraft. In regard to 
shipper acceptance, the committee recommended that the Known Shipper 
program be strengthened, that government databases be coordinated to provide 
more and better information on threats, that research and development focus on 
new or enhanced technologies to better screen cargo, and that freight from 
unknown shippers be screened. 

In regard to IAC security, the committee recommended that [ACs implement a 
validation program that requires the IAC to be accredited, that security measures 
address en route security (to the airport), and that some form of security screening 
for employees of IACs be instituted with necessary security training. As related to 
the protection of all-cargo aircraft, the committee recommended better airport 
perimeter access controls, the identification and credentialing of employees with 
access to cargo ramps, screening of individuals with access to aircraft and cargo 
ramps, securing unattended aircraft, searching all-cargo aircraft, and better incident 
response procedures and security training for all-cargo personnel. 

At the 2004 AAAE Annual Conference, several members of the air cargo 
community pressed the TSA to issue a notice of proposed rulemaking for 
new air cargo requirements. The TSA, which had been focused primarily on 
major issues related to passenger and baggage screening and organizing its new 
government department, had been slow to respond to the AAAE’s request. 
However, many air cargo companies were anxious for regulations to at least be 
introduced so they would know what to expect. Some air cargo companies 
expressed reluctance to implement their own security measures at the risk of 
taking actions that would not be required under future rulemaking. In 2004, the 
TSA issued a notice of proposed rulemaking regarding security regulations for 
air cargo. In 2005 the TSA hired more than 300 air cargo security inspectors 
(ACSIs), and in 2006 the TSA published the air cargo regulations in the Federal 
Register, thereby making them official regulations for the air cargo industry. 


SUMMARY OF TSA RULEMAKING 


The overall changes with the 2006 TSA regulations have accomplished the 
following: 


1. Called for the requirement of security programs for all-cargo operators using 
aircraft more than 100,309.3 lbs in mean gross takeoff weight, known as the 
FACAOSSP. 


Summary of TSA Rulemaking 


N 


. Strengthened security programs for cargo operators using aircraft of more 

than 12,500 lbs. 

. Extended screening requirements to all-cargo operators. 

. Required airports to extend their SIDAs into the cargo operations areas. 

. Redefined the IAC definition to include all-cargo carriers. 

. Strengthened foreign air carrier cargo requirements to equal US domestic 

aircraft operator requirements (specific to ACISP requirements). 

7. Strengthened the Known Shipper program, including the TSA takeover of 
the Known Shipper program vetting process. The TSA also conducts random 
screening of a percentage of known shipper cargo agents. 

8. Implemented methods to identify and screen high-risk cargo. 

9. Required STAs on individuals who have unescorted access to air cargo. 

10. Screened passengers on cargo flights. 

11. Established all-cargo and IACSSP, requiring all IACs to have a 
TSA-approved security plan in place before operating as an IAC and 
shipping cargo via air. 

12. Accepted cargo only from an entity with a similar security program (in terms 

of accepting cargo from an IAC or from another aircraft operator). 


oO of Ww 


The TSA also implemented several other air cargo initiatives, including the 
development of Air Cargo Watch, a program whereby individuals within the air 
cargo supply chain can identify and report suspicious activity or cargo. Other 
programs include the increased use of canine explosive detection teams and surge 
programs using ACSIs. In the air cargo surge program, ACSIs are sent to an airport 
that is not their home airport to conduct surprise inspections. These inspections 
provide a second-look approach, whereby inspectors have an opportunity to 
discover security issues that particular airport security personnel may have missed. 

The TSA recognizes that the majority of air carriers and all-cargo operators 
are not subject to greater risk from crime or terrorism since these operators 
are usually better able to mitigate security threats and manage security compli- 
ance issues than smaller indirect carriers. The agency does worry about 
the smaller IACs not having sound security programs. This worry stems not 
from an unwillingness to comply on behalf of the small IACs, but that with 
fewer staff, resources, and related business pressures, the small IAC may not be 
in compliance or have a good understanding of the risks involved with air cargo 
(P. Hamilton, assistant general manager, Air Cargo Programs, TSA, personal 
communication, 2006). 

Since the implementation of TSA cargo regulations, the inspection process has 
generally consisted of air carrier personnel conducting visual and manual inspec- 
tions of air cargo. Visual inspections consist of looking for signs of unauthorized 
tampering. Examples of these inspections include looking for scratch marks on 
screws, tampering with packaging tape, unusual odors, and other abnormal 
signs related to packaging. If X-ray equipment is not available or the item is too 
large or too sensitive to be cleared by an X-ray device, a manual inspection can be 
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performed provided it is conducted with the shipper present. Air cargo personnel 
are required to be trained in proper and safe search procedures and have informa- 
tion available to notify local law enforcement if a suspicious item is discovered. 

In 2006, the US Congress was still focused on the issue of air cargo security 
and passed legislation (the 9/11 Act) calling for the 100% screening of all air 
cargo within 3 years. Although the intent of the legislation was for all cargo to be 
screened using the same measures and technologies as that used to screen carry- 
on and checked baggage, the TSA stated that screening (ie, physical inspection) 
could be waived if the cargo came from a certified facility—that is, a facility that 
meets certain security standards (Savage, 2007). All air cargo service providers 
have not yet sustained a 100% screening capability, but are making significant 
progress toward that goal by making better use of new technologies provided for 
in the TSA’s Air Cargo Advanced Screening System program. 

Airlines for America (formerly the Air Transport Association) and several 
cargo operators have argued that putting in facilities and equipment to screen all 
cargo would effectively shut down the air cargo industry. In contrast, airline pilot 
and flight attendant unions have supported the 100% cargo screening measure. 
While attempting to leave very little to regulatory interpretation, the TSA 2006 
legislation does not require screening facilities to be placed in the airport, which 
leaves some interpretation that cargo screening could be conducted at other areas, 
such as the shipper’s warehouse or other facility. 








UNKNOWN SHIPPERS AND US MAIL 


Shortly after 9/11, all-cargo shipments from unknown shippers were temporarily 
suspended and subsequently reinstated for a period of time. As of this writing, 
unknown shippers are only allowed to ship on all-cargo carriers, provided the 
cargo is not interlined to a passenger carrier. Only known shipper cargo can be 
interlined from all-cargo airlines to a passenger carrier. Items that weigh more 
than 16 ounces are required to be physically inspected before being placed into 
the US mail system. Postal service personnel look for irregularities in packaging 
or shipping processes. Items exempt from screening include human organs, 
human blood, emergency lifesaving drugs, human remains, US mail, diplomatic 
pouches, and air carrier company mail. 

Other forms of cargo include unaccompanied baggage (misplaced or lost) 
carried by the airlines for return to its owner and certain categories of cargo that 
are taken on board by a passenger, such as human remains (cargo frequently 
referred to as “accompanied commercial courier consignment’). The transporta- 
tion of mail is a unique security challenge since the Fourth Amendment to the US 
Constitution has established mail as private material protected from unlawful 
search and seizure (Elias, 2010). The US Post Office does have a screening 
process that relies on postal clerks who are trained to examine individuals 
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shipping packages that weigh more than 1 lb. However, after 9/11, mail weighing 
more than 1 lb was prohibited from being carried aboard passenger aircraft. Items 
weighing less than 1 lb are not subject to scrutiny and can be deposited in any 
mailbox, which easily circumvents the screening or questioning of the sender 
(Elias, 2010). However, only about 5—7% of all domestic mail shipment is 
transported by passenger or all-cargo aircraft. FedEx is currently the largest 
carrier of US mail and its operations account for half of the total volume of US 
mail shipments every year (Elias, 2010). 

In 1997, the Gore Commission recommended the US Postal Service obtain 
authorization to screen shipments weighing more than | lb using EDSs. However, 
this screening has not yet been implemented, nor has any current legislation 
enabled this screening criterion. While the TSA has not announced any plans to 
expand the use of canine teams for the specific purpose of screening mail, it is 
presently the only means approved by the TSA for screening mail weighing more 
than | Ib that is put on passenger aircraft (Elias, 2010). 


TITLE 49 CFR PART 1548 INDIRECT AIR CARRIER SECURITY 


Entities engaging in commercial carriage of cargo on passenger air carriers must 
adhere to Title 49 CFR Part 1548 Indirect Air Carrier Security. As with other 
sections of the regulations, the TSA maintains the authority to inspect the facilities 
and records of any entity regulated under Title 49 CFR Part 1548. TSA-compliance 
inspectors must be allowed access to security areas including the IAC’s facilities 
on an airfield. [ACs must also adopt the IACSSP that provides for the security of 
the aircraft against acts of violence (explosives, hijacking, etc.) from the time 
the cargo is accepted by the IAC until it is transferred to an employee other 
than the IAC (eg, an airline representative). IACSSP also includes procedures for 
storing cargo by the IAC. The IACSSP must also provide for security training for 
personnel employed by the IAC. The IACSSP is a sensitive security information 
document, and access and dissemination must be strictly controlled. 

IACSSPs must include measures to prevent the introduction of explosives or 
incendiaries and refuse to transport any item that has not been subjected to such 
measures. [ACs must ensure that any employee who comes in contact with cargo 
designated for shipping on an air carrier with an FACAOSSP or a foreign air carrier 
(in addition to ACISP requirements) must complete an STA or a CHRC before 
handling such cargo. A cargo employee who completes a CHRC does not have to 
complete a separate STA as the STA process is integral to the CHRC process. 

Additionally, anyone involved in handling cargo that will be shipped onboard 
a commercial air carrier must complete training in the IAC’s IACSSP, including 
applicable airport security requirements, security directives, and information 
circulars. [ACs must appoint an indirect air carrier security coordinator at the 
corporate level who is responsible for coordination and communication with the 
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TSA. Individuals such as the owner or partner of an IAC who controls more than 
25% of the IAC and any corporate officer or director must also complete the STA 
process. [ACs must ensure that cargo accepted from an unknown shipper is kept 
separate from known shipper cargo. 


CERTIFIED CARGO SCREENING PROGRAM 


The CCSP provides critical supply chain security and extends screening to 
manufacturing facilities, consolidation points, distribution centers, and independent 
cargo screening facilities (ICSFs). ICSFs provide a cost-effective avenue for small- 
and medium-sized freight forwarders to meet regulatory screening requirements 
(TSA, 2012). The CCSP is supported by the air freight and air carrier industries, 
leverages best practices from global supply chain programs, and enables businesses 
to choose the best and most effective model for managing cargo security. 
The CCSP allows businesses to: 


. screen cargo where it is packaged, 

. Maintain in-house packaging integrity, 

. avoid screening log jams at the airport, 

. build bulk configurations to minimize cost. 


AOUN- 


Certified CCSP facilities must successfully apply, participate, and adhere to 
strict security standards, including physical access controls, personnel security, 
and screening of prospective employees and contractors to TSA standards. A 
secure chain of custody must also be established from the screening facility to the 
side of the aircraft (TSA, 2012). 

Every individual element related to the shipment of cargo carried on passenger 
aircraft requires screening prior to being transported on any airline passenger 
aircraft. This could mean that skids and pallets would have to be taken apart, 
screened, and reconfigured. This process can potentially increase the chance of 
damaging the cargo and its contents (TSA, 2012). 

The TSA developed the CCSP to help industry reach the 100% screening 
mandate. The program enables freight forwarders and shippers to prescreen cargo 
prior to arrival at the airport. Most CCSP shipper participants have been able to 
quickly incorporate physical screening into their shipping process at a small cost 
relative to their overall operating expenses (TSA, 2012). 

Under the CCSP, the TSA certifies cargo screening facilities located throughout 
the United States to screen cargo prior to providing it to airlines for shipment on 
passenger flights. Participation in the program is voluntary and designed to enable 
vetted, validated, and certified supply chain facilities to comply with the 100% 
screening requirement (TSA, 2012). 

CCSP participants must have a process to screen prospective employees and 
contractors to TSA standards. They must conduct reviews of employees with access 
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to cargo, conduct STAs on all personnel who are part of the CCSP, and provide 
specialized training for individuals to conduct the screening and handling, or who 
have access to the screening area. CCSP participants must have procedures in place 
to prevent unauthorized access to the cargo facility where cargo is screened and 
stored, including with physical barriers in place (TSA, 2012). Shippers that do not 
want to become a certified cargo screener but wish to avoid delays or damage to 
their shipments due to the screening process can use a freight forwarder’s IAC 
services or an ICSF. An ICSF is authorized by the TSA only to screen cargo that 
will be transported by a passenger air carrier (TSA, 2012). Most ICSFs are not 
freight forwarders. The TSA web site maintains lists of equipment that is certified 
for use in ICSF cargo screening and also a list of ICSFs. 

Certified cargo screening facilities (CCSFs) are entities that are in the business 
of screening cargo (vs shipping cargo). CCSFs must carry out a TSA-approved 
security program and adhere to strict chain of custody requirements. Cargo must 
be secured from the time it is screened until it is placed on passenger aircraft for 
shipment (TSA, 2012). 


CURRENT AIR CARGO SECURITY MEASURES AND ISSUES 


Since 9/11, the TSA has implemented numerous measures to secure two primary 
forms of air cargo: domestic and inbound. Domestic cargo is transported from 
locations within the United States. Inbound cargo is brought into the United States 
from an international origin. As of 2012, the TSA estimated that over 90% of 
domestic cargo transported on passenger aircraft was being screened. However, 
inbound cargo remains a challenge with significantly lower percentages of cargo 
confirmed as screened or secure prior to arriving at US security checkpoints. 

In 2007, the passage of the 9/11 bill added more requirements to air cargo secu- 
rity. The TSA worked with the US Congress to significantly strengthen security 
of air cargo through the 9/11 bill. In the 9/11 bill, the TSA is mandated to screen 
50% of air cargo on passenger-carrying aircraft within 18 months and 100% within 
3 years. The TSA uses a multilayered, high-tech, industry-cooperative approach, 
utilizing surprise cargo security inspections called strikes, covert testing processes 
designed to evaluate the reliability and validity of security screening measures, 
security directives, and 100% screening at 250 smaller airports. The bill also 
required the TSA to eliminate all exemptions to screening of air cargo and increase 
the amount of cargo that is subject to mandatory screening. With the new regula- 
tion, it is anticipated that the TSA will conduct approximately 100,000 more 
background checks, specifically on air cargo employees who screen cargo or have 
knowledge of how it is going to be transported or who actually transport the cargo. 
The rule also requires more robust checks and more visibility on the shipping 
companies and their employees. 

The Air Cargo Division of the TSA currently regulates over 730 charter aircraft 
operators and 41 all-cargo aircraft operators. TSA principal security inspectors 
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(PSIs) assist air carriers in ensuring system-wide compliance with applicable 
regulations. The PSI acts as the primary point of contact between TSA and the 
assigned air carrier on all matters involving aviation security (TSA, 2012). 

More than 460 TSA canine teams are now assigned to 25% of each workday 
in an air cargo—related environment. All-cargo airlines are now subject to random 
inspection through explosives detection equipment and K-9 detection procedures. 
Any cargo classified as high risk is also screened using procedures such as 
manual inspections or K-9 review. Airport operators are now directly involved in 
protecting their portion of the cargo supply chain, specifically the airfield where 
cargo is delivered, sorted, and then transported to the aircraft. This effort requires 
dual responsibility from the airport operator and aircraft operator. Perimeter 
fencing, access control, and secure storage of freight help to ensure that cargo is 
not tampered. The airport operator must now also ensure that air cargo areas are 
designated and managed as SIDA and protected. 

The TSA has hired and deployed hundreds of ACSIs who review IAC security 
programs and conduct routine and unplanned inspections at shipping facilities. In 
addition, the TSA has instituted a program called Air Cargo Watch, which is a 
security awareness program designed to give cargo employees and private citizens 
the ability to detect, deter, and report potential or actual security threats. Air Cargo 
Watch materials include a presentation, posters, and a training guide. The posters are 
used to maximize security awareness within the entire air cargo supply chain. Entities 
displaying the posters should also add phone numbers for local police, sheriff, fire, 
and rescue services, in which space is provided for on each issued poster. 

TSA agents now routinely conduct air cargo vulnerability assessments across 
the United States. These assessments are designed to identify critical air cargo 
supply chain nodes and identify and evaluate the risks of each node to the air 
cargo supply chain should a threat be implemented. 

Stowaways have been a periodic annoyance to the aviation industry, but 
generally nonthreatening to the safety or the security of the flight. Stowaways 
hiding aboard commercial aircraft in wheel-wells (the most popular locations for 
stowaways) are placing themselves in extreme danger as they can be exposed to 
extreme temperature changes (eg, —40°F) and the significant lack of atmospheric 
pressure at normal operating altitudes. Many stowaways do not live through their 
attempt to hide in various areas of the aircraft. Bodies of most stowaways are 
usually discovered in wheel-well locations, or in some cases, fell out of the plane 
to their deaths when the landing gear deployed. 

Risks caused by stowaways are more of an indication of failures in security 
than an actual safety hazard. If the security of an airport or aircraft is such that it 
allows access by a stowaway, then this is also a sign that the security system may 
be inadequate to prevent an individual from accessing the plane to plant a bomb 
or commit some other form of terrorism. 

Preventing stowaways is a twofold responsibility: (1) the airport operator has the 
responsibility to control access to the airfield through the access control system and 
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perimeter protections and (2) the aircraft operator has the responsibility to ensure 
that no person or item is placed on board an aircraft without properly being screened. 

Since 9/11, there have been instances of individuals taking cover in the cargo 
hold of aircraft; cargo holds are pressurized and, compared to the wheel-well, 
much warmer. If a person can access the cargo area, there is a greater threat as 
they can introduce a bomb into the cargo supply chain, which may result in the 
device making it onto a passenger flight. 

Perimeter transgressions related to the potential of access by a stowaway 
have recently been experienced. For example, in 2012, an individual ran out of 
fuel while jet-skiing off the coastline of JFK airport, subsequently swam ashore, 
climbed the airport’s perimeter fence, and walked across the airfield to a 
concourse before he was stopped by an airline employee; the perimeter intrusion 
detection system apparently did not alert airport staff to the intruder. 

Stowaways are a concern for the TSA, to the extent that the agency is evalu- 
ating technology that can search for stowaways in cargo containers. Any such 
technology would have to be able to see through sealed containers made of 
wood, plastic, cardboard, fiberglass, or metal, and simultaneously not deter the 
flow efficiency of cargo. 


CONCLUSIONS 


Securing air cargo and related services is a prime concern for aviation security 
practitioners. Logistical processes for managing the air cargo supply train are 
complex and ephemeral. Air cargo security practitioners must embrace these 
challenges along with managing varying legislation for all-cargo airlines and 
passenger airlines that also carry cargo. The US Congress and the TSA have 
worked together to create legislation designed to help prevent cargo aircraft from 
being used as weapons of mass destruction. 

With hijackings becoming more difficult to implement, many stakeholders to 
the industry believe that air cargo may become a preferred avenue for attack. 
Therefore, new legislation such as ATSA (2001) and the 9/11 bill were created in 
response to this concern. 

Future concerns related to air cargo security include the potential requirement 
that all cargo must be inspected using EDS or similar processes. Some have 
argued that screening all cargo would effectively shut down the air cargo 
industry, whereas airline pilot and flight attendant unions have supported 100% 
cargo screening. Furthermore, the TSA is concerned over future risks posed by 
smaller IACs that may not have valid security programs. Recent legislation is 
enabling the TSA to mitigate future risks in air cargo. The TSA is developing a 
multilayered, high-technology, and industry-cooperative approach to managing 
security risks associated with air cargo. 
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PERSPECTIVES ON AIR CARGO, PRE- AND POST-9/11 


Dawn Escarcega 
Former cargo supervisor for America West Airlines 


I was a Cargo Supervisor for America West Airlines on Sep. 11, 2001. We also handled cargo for 
American Airlines, US Airways, and Midwest Express. Thousands of pounds moved through our 
facility every month. The majority of it was never inspected before it was loaded on a passenger 
aircraft. All cargo had to be visually inspected for tampering. There had been discussions for 
many years about making air cargo safer but the cost was the biggest issue. How were airlines 
going to afford equipment to screen all of the cargo? 

Before 9/11 we would accept cargo for transport on commercial aircraft from almost anyone. 
A person could walk into a cargo facility and ship a package anywhere in the world. A cargo 
employee would open the package, check the contents, and send it on a passenger aircraft. Could 
someone have hid something in there? Absolutely! Bombs have been made with liquid, put in 
shoes, made out of soda cans. There was no way for us to tell with a visual scan that the package 
was safe. These shippers were known as unknown shippers. 

A Known shipper could tender a shipment and it would not have to be inspected. Each airline 
had their own procedure for approving Known Shippers. The Known Shipper had a proven track 
record or had an inspection at their facility. I did a few Known Shipper inspections. I would go to 
a facility and look around, insure that they were shipping what they said, and approve them. That 
does not mean they could not turn their facility into something illegal after I left. 

IACs were freight forwarders that shipped cargo for other companies. They would drop off 
cargo shipments at our facility. These shipments did not have to be inspected at our facility. Most 
of them were consolidations, smaller shipments combined to make one larger shipment. 

Today things have changed for airlines and the way cargo is screened. In 2006, the TSA 
required that 100% of cargo be screened. New procedures were created to make this happen. 

Through the Known Shipper Management System, TSA identifies and approves the known 
shipper status for qualified shippers in the US carriers (IACs) and air carriers must comply 
with a range of specific security requirements to qualify their clients as known shippers. 
Shippers interested in transporting goods by air may contact their transportation service 
provider and request to become a known shipper (https://www.tsa.gov/for-industry/cargo- 
programs). 

Under the CCSP, TSA certifies cargo screening facilities located throughout the United States 
to screen cargo prior to providing it to airlines for shipment on passenger flights. The program is 
a practical, supply chain solution, which provides security while ensuring the flow of commerce 
(https://www.tsa.gov/for-industry/cargo-programs). 

CCSFs must carry out a TSA-approved security program and adhere to strict chain of custody 
requirements. Cargo must be secured from the time it is screened until it is placed on passenger 
aircraft for shipment. Any facility that tenders cargo directly to an air carrier or IAC may apply 
for the program (https://www.tsa.gov/for-industry/cargo-programs). 

Is cargo safer today than it was in 2001? Yes, but there is still more that can be done to 
protect aircraft from terrorists. Awareness is important to make sure everyone is safe. 
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OBJECTIVES 


In this chapter, we describe the evolution of terrorist activities and various crimes 
perpetrated within the aviation system. Aviation security practitioners must be 
able to detect and deter future unconventional terrorist and criminal acts. The 
security industry is responsible for designing resiliency into aviation security 
systems so responses are rapid and effective. Therefore, here we discuss existing 
and emerging threats to the aviation system and methods for mitigating, preparing 
for, responding to, and recovering from terrorist and extreme criminal attacks. 
This chapter examines practical strategies and tactics for accomplishing these 
requirements against current and future threats against aviation security. 


INTRODUCTION 


The United States has expended significant monetary resources since 9/11 to 
“fix” the aviation security system; however, as a nation the United States has 
much more work ahead in developing security systems that can mitigate future 
threats. Although part of our responsibility is to detect and deter terrorist and 
criminal acts, it is also part of our responsibility to build resiliency into the 
aviation security system such that responses are rapid and effective when a terror- 
ist or criminal act occurs, and ultimately, in a way that allows air transportation 
to continue. While some countries, such as Israel, have numerous additional 
layers of aviation security measures, to implement those same measures in the 
United States would be highly cost-prohibitive and would likely cause other 
significant issues. For example, at the Ben Gurion International Airport all 
vehicles approaching the airport are stopped, and a cursory or in-depth search 
(depending on the judgment of the security officer) is conducted. A 2016 editorial 
board op-ed article in the New York Times, posited the impact of that same 
security procedure being implemented at John F. Kennedy Airport. The result 
would be a traffic backup for miles. Another important consideration is the affect 
that additional aviation security measures may have on the mindset of terrorists, 
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who may decide that other, less hardened targets, such as railways, light rail, 
busses, and subways, are more attractive targets (New York Times Editorial 
Board, 2016). 

In a sense, aviation security is similar to the “prevent” defense in American 
football, which is commonly used when one team knows it has the lead. The 
coach of the leading team understands that by using the prevent defense, 
the opposition may be able to gain some yards, but is highly unlikely to score. 
While this concept may be difficult to apply to aviation security for someone 
unfamiliar with risk management, this strategy reduces risk, while still allowing 
the activity (eg, air transportation) to occur. 

Some strategies that are used in foreign airports or transportation systems are 
adaptable to US or other security systems. For instance, the Los Angeles 
International Airport has adopted a form of the vehicle inspection, by conducting 
random, rotating vehicle inspection checkpoints. The Transportation Security 
Administration (TSA) has also adopted, to a certain extent, the Israeli security 
questioning process through the creation of Behavior Detection Officers. Other 
scaled elements of security procedures used at Israeli and other airports, or even 
other industries, such as the industrial facility security industry, can be seen 
throughout the aviation system. 

Terrorism is a way to inflict harm on a country or entity with little risk to the 
terrorist organization’s infrastructure. In addition to direct damage to property and 
loss of life, a terrorist act produces publicity for a cause, economic damage, and 
changes to a way of life. Whenever a citizen sees heightened security, he or she 
is reminded of the attack that caused the new procedures and may continue to 
fear another attack. Thus, with one attack, numerous objectives have been 
achieved for the terrorist organization. 

While some terrorist attacks are conducted by established groups, such as an 
organization like al-Qaeda, which has a leader, logistical support, financial 
backing, and resource supply chains, other forms of terrorism, including an attack 
by a lone wolf, continue to develop. Lone wolf attacks are characterized by a 
single individual, who plans and conducts an operation, using little or no external 
support (Smith, 2009, p. 26). Other terrorist attacks are similar to the lone wolf 
attack, but include a pair of attackers, such as the Boston Marathon bombers, or 
the active shooter attacks in San Bernardino, CA, in 2015. 

In some instances, the lone wolf may have been radicalized by something the 
individual read or viewed on the Internet, as in the case of Nidal Hasan, who was 
convicted in the Ft. Hood shooting, where he killed 12 soldiers and civilians and 
injured 32 others. Nidal was a US Army major who was a follower of Anwar al 
Awlaki. Awlaki was also a US citizen, educated at an American university, and 
he eventually became one of the leading propaganda strategists for al-Qaeda. 
Although Awlaki was killed in a US drone strike in Yemen, his videos on the 
Internet continue to inspire followers to commit jihad (Bergen, 2016). 

Some new threats, such as cyber-attacks or the use of drones to attack an 
aircraft, are truly first-time threats that the aviation industry, and the world, is 
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only now beginning to face. Other threats, such as insiders facilitating attacks or 
providing support to terrorists, are among the oldest types of threats to aviation, 
but a resurgence of this type of attack has recently occurred. 

Although old enemies, such as al-Qaeda, are still in existence despite the 
takedown of their leader, Osama bin Laden, new organizations, such as the 
Islamic State in Iraq and the Levant, have risen up. Domestic terrorist groups, 
along with a variety of other organizations and individuals who are capable of 
committing acts of air terror, continue to operate in the United States. 


THREAT MATRIX 


Modern terrorism uses the Internet and other highly advanced technologies along 
with unconventional forms of implementing an attack. Therefore, many threats 
can no longer be eliminated through blunt force military power. Defeating current 
and future threats to our global aviation system requires strategies that combine 
military force where applicable and the construction of a resilient infrastructure. 
Airports and airlines must build sustainable resiliency into their security 
programs. 

In 2006, the United Kingdom’s Security Service publicly released figures - 
indicating there were an estimated 200 terrorist cells operating within the United 
Kingdom, with approximately 1600 operatives and more than 30 terrorist plots,’ 
including plots involving mass casualty suicide attacks in the United Kingdom 
(Associated Press, 2006). Similar claims were made in the United States, but the 
assertions eventually turned out to be false (Mueller and Stewart, 2016, p. 65). 

In the United States, in 2006, seven individuals were arrested for conspiring to 
bomb the Sears Tower in Chicago, IL, and attack the Federal Bureau of 
Investigation (FBI) building in North Miami Beach, FL, and other government 
buildings. At the time of the arrests, at a press conference, US Attorney General 
Alberto Gonzales noted: 


Recent events around the world have demonstrated the challenges posed by 
homegrown terrorists who live in the area that they intend to attack. The 
terrorists and suspected terrorists in Madrid and London and Toronto were not 
sleeper operatives sent on suicide missions. They were students, businesspeo- 
ple, and members of the community. They were persons who, for whatever 
reason, came to view their home country as the enemy. And it’s a problem in 
the U.S. as well. 

Gonzales, 2006, p. 2 





'MI-5 systematically examines each threat, placing threats on a sliding scale and acting as the 
threat reaches a specific point. 
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The Boston Marathon bombings and the active shooter attacks in San 
Bernardino, CA, are examples of threats closer to “home.” Insider attacks, as they 
have come to be known, are among the most difficult types of attacks to deter 
and prevent. In some cases, the “insider” was the pilot of a Germanwings aircraft, 
who locked the captain out of the cockpit and drove the aircraft into the ground, 
killing everyone on board. 

Not all terrorist cells are created equal, and in fact, the threat (and subsequent 
break up) of terrorist cells may have inadvertently caused the rise of the lone 
wolf attacker. In the Sears Tower plot, the plotters, known as the Liberty City 
Seven, were later described as a group of Haitian immigrants who imagined they 
had sworn allegiance to al-Qaeda and spent most of their time smoking 
marijuana. They had never traveled to Chicago, and it took the FBI three times of 
putting the men on trial on various charges before a jury would eventually convict 
two of the four jihadists (Bergen, 2016, p. 113). In another instance, Daniel 
Patrick Boyd, a former resident of Pakistan during the Afghan jihad against the 
Soviet Union, had undergone weapons training in rural North Carolina, was 
convicted (along with his followers) of conspiring to murder, kidnap, and injure 
persons overseas. The publicity generated by this and other successful cases 
demonstrated how easy it was to get caught if one was part of a group (ie, cell), 
and perhaps this realization spurred the appearance of a larger number of lone 
wolf terrorists (Bergen, 2016, p. 114). 

While the insider threat is highly dangerous, the most dangerous threat to 
aviation is perhaps the belief that a threat is unstoppable. Throughout the United 
States, one consistently hears two messages that demonstrate far too many people 
within the aviation system have this fatalistic view. The first statement is 
in regard to general aviation (GA) and the use of a GA aircraft to facilitate a 
terrorist attack. The statement goes something like “Isn’t it easier to rent a truck 
and fill it with explosives than it is to rent or steal an aircraft?” The second 
statement relates to suicide bombers. The statement goes something like “You 
cannot stop someone who is totally committed to attacking you and killing them- 
selves in the process.” 

Although commonly believed, neither of these statements helps prevent the next 
attack on aviation. The first statement does not negate our responsibility to prevent 
an aircraft from being used in a terrorist attack, whether it is a commercial service 
or GA aircraft. In the second case, whereas some terrorists will die for their cause, 
they will not “donate their lives cheaply.” Many suicide/homicide bomber attacks 
require significant planning and numerous personnel to be successful, which 
increases the opportunity for stopping an attack before it starts. Author Stephen 
Flynn (2007) offered a perspective that the aviation security practitioners should 
adopt to combat terrorism: 


Terrorism will increasingly be like the flu: the only thing we can safely predict 
is that each season there will be new strains. Thus, it is only prudent to bolster 
the odds that our immune system can successfully fend off the known strains. 
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This requires our identifying the most likely and attractive targets and striving 
to protect them from potential attacks. At the same time, we must also assume 
that not every attack can be prevented. This makes it critical that we be able to 
respond effectively when disaster strikes and have the means to rapidly restore 
what is damaged. (p. 18) 


Terrorists intend to conduct attacks that significantly harm their target, primarily 
economically. Their objective is not just to cause destruction or kill people but to 
effect massive change—they want to do something that will stay in the news for 
months if not years. 

While not generally perceived as such, another threat to aviation security is to 
assign success for a failed terrorist attack to the system, when the failure may have 
been for other reasons. On Christmas day 2009, Umar Farouk Abdulmutallab 
attempted to ignite a bomb concealed in his underwear on board a Northwest 
Airlines flight from Amsterdam to Detroit, MI. Janet Napolitano, secretary of the 
Department of Homeland Security (DHS) at the time, went on several talk shows 
days later, to assert that “the system worked,” when in fact it was Abdulmutallab’s 
own incompetence that kept him from bringing down a commercial airliner filled 
with holiday travelers (Bergen, 2016, p. 219). 

A subsequent investigation determined the US government possessed enough 
information to determine that Abdulmutallab was working for al-Qaeda in Yemen 
and that Abdulmutallab’s father notified US and Nigerian authorities about his 
son’s views a month before his son’s attempt to bomb the flight. Also, investigators 
later determined that al Awlkai had ordered Abdulmutallab to carry out the 
operation (Bergen, 2016, p. 222). As authors Mueller and Stewart point out, many 
thwarted terrorist attacks are the result of the incompetence and poor tradecraft of 
the plotters (2016). 

In many cases, terrorists are perceived to by highly intelligent and crafty, 
while the opposite is quite true. While some terrorists may indeed be smart, they 
may be inexperienced at terrorist operations (ie, tradecraft). Even in recent 
attacks, such as the Brussels airport bombings, the bombers left behind clues that 
could have alerted authorities to their intentions, such as leaving suitcases behind 
that would not fit in the taxicab (Gauthier-Villars et al., 2016). Leaving suitcases 
on the street is most definitely a suspicious activity in virtually every part of the 
world and should have been a tip off to anyone paying attention. Other prior 
intelligence leads and clues were also not pursued enough to identify the Brussels 
airport plot prior to the attack (Gauthier-Villars et al., 2016). 

As previously mentioned, the 9/11 hijackers left behind a trail of clues about 
their intentions, both before and after the attacks. In every case where a terrorist 
is caught or an attack is thwarted, aviation security practitioners should carefully 
evaluate whether it was the system that worked in catching or deterring the attack 
or was it simply blind luck or poor tradecraft on behalf of the attackers. 

Another threat to the United States that could stem from a terrorist strike, or 
repeated strikes, comes from our actions and responses as a society to attacks. 
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Admiral William J. Crowe, Jr., former head of the US Joint Chiefs of Staff from 
1985 to 1989, stated, “The real danger lies not with what the terrorists can do to 
us, but what we can do to ourselves when we are spooked” (Flynn, 2007, 
pp. 92—93). This quote reminds lawmakers and regulators that the real threat 
from terrorism comes not in the destruction of property or the death of our citi- 
zens, but in our own actions regarding the economic impact we allow to result 
from these attacks and the civil liberties we compromise in the process. If there is 
a question as to the real intent of today’s terrorists, consider that in a postarrest 
interview, notorious “shoe bomber” Richard Reid stated that the intended purpose 
of al-Qaeda is to disrupt and destroy the American way of life by striking at 
and crippling our economy. Policymaking must be tempered with patience in 
development and understanding of the resources required to combat a threat. 

Modern threats from terrorism fall into three areas: existing threats, emerging 
conventional threats, and emerging asymmetrical threats. Existing threats are 
those that have frequently been used. Emerging conventional threats include new 
yet probable forms of attack, such as the use of surface-to-air missiles (SAMs). 
Emerging asymmetrical threats include weapons of mass destruction (WMD) that 
may cause indiscriminant destruction. 

The US Patriot Act defined international and domestic terrorism. International 
terrorism means activities that (1) involve violent acts or acts dangerous to human 
life that are a violation of the criminal laws of the United States or of any state, or 
that would be a criminal violation if committed within the jurisdiction of the United 
States or of any state; (2) appear to be intended to (a) intimidate or coerce a civilian 
population, (b) influence the policy of a government by intimidation or coercion, 
or (c) affect the conduct of a government by mass destruction, assassination, or 
kidnaping; and (3) occur primarily outside the territorial jurisdiction of the United 
States, or transcend national boundaries in terms of the means by which they are 
accomplished, the persons they appear intended to intimidate or coerce, or the locale 
in which their perpetrators operate or seek asylum. 

Domestic terrorism means activities that (1) involve acts dangerous to human 
life that are a violation of the criminal laws of the United States or of any state; 
(2) appear to be intended to (a) intimidate or coerce a civilian population, 
(b) influence the policy of a government by intimidation or coercion, or (c) affect 
the conduct of a government by mass destruction, assassination, or kidnapping; 
and (3) occur primarily within the territorial jurisdiction of the United States. 

The combination of the insider threat, which has been prevalent throughout 
the history of aviation security, and terrorist threats facing the world today makes 
it relevant to discuss how terrorist groups operate, as this education may provide 
an opportunity for airport security practitioners to identify the elements and deter 
a possible attack. 

In Terrorism and Organized Crime, Michael R. Ronczkowski discussed methods 
of dealing with terrorism that are applicable to airport security (Ronczkowski, 2012). 
Terrorism assumes many guises—political, religious, social, cyber—and can occur 
in many forms, from bombings to hijackings, to active shooters, to a combination of 
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forms (an active shooter attack combined with a suicide bomber) or other elements 
such as chemical agents. Often, terrorists are using the protection provided by the 
laws of the country they are trying to attack as a shield for their activities. This can 
make dealing with terrorism a frustrating process, one that requires counterterrorism 
personnel to cooperate throughout the various agencies, react to the last attack to 
prevent future attacks, and think about future types of attacks and how to detect and 
interdict the attack, in a lawful manner, before it is launched. 

Terrorist operations run the gamut from the unprofessional, unsophisticated, 
and badly executed, through well-planned and executed attacks conducted by 
individuals with training and performance that equals that of the world’s special 
operations communities (Sloan and Bunker, 2011). Fortunately, not every attack 
resembles the planning, financing, and coordination that was prevalent in the 9/11 
attacks. Most attacks are amateurish in nature, as seen in the shoe bomber and 
underwear bomber attacks, occurring less and less at the middle and higher levels 
of sophistication and professionalism (Sloan and Bunker, 2011). 

Professional terrorist groups often reflect the operational theories and practices 
articulated by former Vice Admiral William McRaven and in the OODA 
(observe, orient, decide, act) loop model developed by John Boyd. The current 
nature of terrorism—that is, small groups using unconventional warfare 
methods—treflects many of the same operational characteristics as the nation’s 
special operations groups. McRaven, seen as one of the world’s premier experts 
on low-intensity conflicts, published one of the most comprehensive studies of 
special operations warfare, Spec Ops: Case Studies in Special Operations 
Warfare: Theory and Practice (McRaven, 1996). McRaven posits that for a small 
force to be successful they need to acquire what is known as relative superiority, 
which he describes as a condition that exists when an attacking force, generally 
smaller, gains a decisive advantage over a larger or well-defended enemy. 
Relative superiority exists when it is achieved at the pivotal moment in the 
engagement and, once achieved, sustained to guarantee victory. Once lost, relative 
superiority is difficult to regain (McRaven, 1996). As an example, the hijackers 
on 9/11 attained relative superiority for the first three hijackings and then lost it 
on United Flight 93, which crashed in a Pennsylvania field as passengers 
attempted to retake the cockpit (Sloan and Bunker, 2011). 

McRaven explains how six principles—simplicity, security, repetition, 
surprise, speed, and purpose—affect relative superiority. Each of these principles 
relates to the perspective of aviation security practitioners in designing methods 
to deter or effectively respond to a terrorist or criminal incident. Simplicity relies 
on three elements: focusing on a limited number of objectives, having good 
intelligence, and using innovation (McRaven, 1996). On 9/11, the plan was quite 
simple: hijack aircraft using knives, put individuals who are capable of flying the 
aircraft into the cockpit, and aim at a building. Too much complexity can kill an 
operation, while too little planning may have the attackers show up at a closed 
venue or one filled with law enforcement and security officers (Sloan and 
Bunker, 2011). 
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Security relates to operational security (OpSec) while the attack is being 
planned and pieces put into place (eg, training, acquisition of materials, funding). 
Complex plans involving multiple actors require higher levels of security, which 
hinders preparation and increases the chances the group will be discovered by law 
enforcement. An important component of this phase is that in almost all cases, 
surveillance on a potential target will be done physically and supplemented with 
virtual tools such as Google Earth or vacation or facility web sites. This puts 
personnel in a position to be spotted by security and law enforcement personnel, 
which could not only compromise the operation, but the entire group (Sloan and 
Bunker, 2011). More complex plots and established terrorist groups will also have 
a well-developed infrastructure with safe houses, secret armories, bomb factories, 
motor pools, and methods to finance their operations—some legal, such as charity 
group fronting the terrorist organization, and some illegal, such as theft, drug or 
human smuggling, extortion, or street taxation (Sloan and Bunker, 2011). 

Repetition is indispensable in achieving success and relates to training to 
perform the operation. Certain elements, such as tactical skills necessary to execute 
the fundamental elements of the operation, should be second-nature by the time the 
attack begins. However, many domestic and international terrorist groups have 
been caught or eliminated during this phase as it often requires shooting ranges, use 
of explosives, acquisition of automatic weapons and ammunition, and other higher 
profile actions. As an example, less than a month prior to the July 20, 2012, 
Colorado theater shootings, the alleged shooter was turned down for membership to 
a local gun club by the owner when the owner heard a “creepy, weird” message on 
the alleged shooter’s voicemail (Winter, 2012). 

Surprise is not the same as relative superiority, warns McRaven. Surprise 
provides for momentary advantage and, while usually necessary for success, alone 
is not sufficient for success (McRaven, 1996). Speed, which also relies on proper 
security and constant repetition (ie, training), relates to the ability to take action 
quickly. Speed also relates to John Boyd’s OODA loop model. The OODA loop 
model posits that when two opponents engage each other, the combatant with the 
faster engagement (or reaction), with all other elements being equal, will win 
(Sloan and Bunker, 2011). The model was developed by the US Air Force but has 
been applied to other areas of warfare and implies that weaker forces can, 
by speeding up the engagement cycle, defeat superior opponents. The German 
blitzkrieg launched against France in 1940 is a good example of the OODA loop 
model. 

Purpose means all personnel are focused on a single goal, which reduces 
extraneous objectives and isolates and limits the intelligence required, which, com- 
bined, makes operational security that much tighter. Each element is interrelated 
and based on these premises; for an attack to be successful it would have to focus 
on a limited number of objectives, which also helps maintain operational security 
throughout the planning cycle. If the operation is too complex it is difficult to 
conceal and rehearse, making it nearly impossible to execute with surprise, speed, 
and purpose. Fortunately, very few terrorist groups will carry out operations at 
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these levels, but when they have, the results have been deadly, noting the 9/11 
attacks, the Mumbai shootings, and the Beslan school hostage crisis. 
Unfortunately, much lower level attacks can be executed against aviation, such as 
the Yemen air cargo plot, which likely involved only a few individuals, but there is 
a difference between the hundreds and, in some cases, thousands who have been 
killed in high-level attacks versus low-level lone-wolf or small group attacks. 

Once the attack is in motion, there is still not a guarantee of success. Even the 
Aum Shinrikyo group, which features scientists, engineers, and deep financial 
resources, made numerous mistakes with its attempts at developing a WMD due 
to a lack of small-unit operational experiences. While building a bomb is a skill 
set sought out by terrorist and extremist groups, former military or police officers 
with firearm and small-unit tactics training are highly valued within. Watch for 
individuals with prior military or law enforcement experience who may have 
been forced out of their profession for any reason, and that left them discontented 
with the organization, the government, or any other reason they would use to 
justify joining a terrorist or extremist organization. 

Adding to the frustration of counterterrorism operations is the difficulty in 
measuring deterrence. While successful attacks are broadcast throughout the 
world and some notable near-attacks are given some coverage, such as the liquid 
bomb plot in 2006, which is more memorable for the TSA’s 3-1-1 rule rather 
than the thousands of lives saved by fast-acting MI-5 personnel, most arrests prior 
to the attack are either not covered or soon forgotten. It is also nearly impossible 
to measure the number of times a criminal or terrorist decided not to attack 
aviation (or any other target) due to the deterrent measures put into place. 

The TSA has been roundly criticized for not catching any terrorists through their 
screening and behavior detection processes, but there are two issues here. The TSA is 
not fundamentally a law enforcement agency or else it would likely reside in the 
Department of Justice (DOJ). The TSA, like the US Coast Guard, Federal Emergency 
Management Agency (FEMA), the US Secret Service, and other DHS agencies, 
resides in a sort of netherworld that is focused on protecting the United States from 
natural and human-made attacks—in most cases, these agencies are the last point of 
failure, the last line of defense, before a plot becomes a successful attack. 

The FBI and other law enforcement agencies have caught numerous terrorists 
and criminals since 9/11; Garrett M. Graff (2011) has cited many of their successes 
in The Threat Matrix: The FBI at War in the Age of Global Terror. The Department 
of Defense (DOD), the nation’s military forces, the Central Intelligence Agency 
(CIA), and related agencies have eliminated an untold number of terrorists, including 
most notably Osama bin Laden, potential terrorists, and terrorist support networks 
since 9/11. The terrorists not getting to the site of the attack (ie, the airport or aircraft) 
because they have been arrested or eliminated before even making it to US shores is 
a success for the entire system. Second, if the screening functions did not exist, then 
it has been shown repeatedly throughout the history of aviation security that 
criminals and terrorists will continue to exploit that vulnerability until protections are 
put into place. 
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Ronczkowski posits that just like the effective SARA model used in law 
enforcement (scan, analyze, respond, assess), terrorist activities can be organized 
into a similar model. Terrorists have a planning stage (target selection and analyz- 
ing and assessing the mission), a research (reconnaissance) and planning stage, and 
an execution stage (the attack), and that the use of all the stages are inseparable and 
integrated (Ronczkowski, 2012). Thus, the four stages within the terrorism model 
are: select target, analyze and assess, research, and attack (SARA). 

In the absence of the integration the mission will fail. Terrorists do not 
randomly and spontaneously pick their targets—they are selective to maximize the 
tragedy. This provides law enforcement and security personnel the advantage of 
being able to identify and deter a plot in advance of the attack. According to 
Ronezkowski (2012), “Training is the foundation on which law enforcement 
practices are built” (p. 46). Ronczkowski adds that most terrorism-related training 
is focused on response to an incident, rather than on what to look for in advance 
and the types of questions to be asked. In October 2007, the National Strategy for 
Information Sharing stated, “Whether a plan for a terrorist attack is homegrown or 
originates overseas, important knowledge that may forewarn of a future attack may 
be derived from information gathered by State, local, and tribal government 
personnel in the course of routine law enforcement and other activities.” 

To promote the training of state and local law enforcement officers (LEOs) in 
identifying preincident indicators to terrorist or criminal activity, there are a couple 
of programs: Nationwide SAR Initiative and the State and Local Antiterrorism 
Training (SLATT) program funded by the DOJ. SLATT provides training and 
resources to law enforcement personnel on the threats presented by terrorists and 
violent criminal extremists. SLATT provides antiterrorism detection, investigation, 
and interdiction training. The program has been in place since 1996, but received 
little attention prior to 9/11. 

The National Security Institute (NSI) training is directed at state, local, and 
tribal law enforcement and public safety professionals in identifying, reporting, 
evaluating, and sharing preincident terrorism indicators to prevent acts of 
terrorism. The NSI’s programs include documented and verified behaviors and 
indicators that, when viewed in the totality of circumstances, may indicate 
terrorism-related criminal activity. 

Ronczkowski makes an important point with regards to terrorism when he 
says that the pieces of the puzzle can be scattered across multiple jurisdictions 
and databases, which makes interagency cooperation and mutual aid agreements 
critical (Ronczkowski, 2012). While state and local law enforcement agencies, 
along with fire departments and emergency medical service (EMS) units, 
routinely use Memorandum of Understanding for responding to local incidents, 
their use needs to transcend to spell out guidelines for the gathering of intelli- 
gence and investigations into terrorist activities. 

While there is some debate how it was developed, the SAR program (suspicious 
activity reporting), which is promoted through the SLATT and NSI programs, has 
become an essential resource in the counterterror and counter-criminal efforts. 
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Today, it is the backbone of the Intelligence Reform and Terrorism Prevention Act 
of 2004, which required the creation of the Information Systems Council (ISC). 
The ISC was charged with overseeing the development of an interoperable 
terrorism information sharing system environment. 

Tasking local law enforcement to not only perform their traditional policing 
roles but also to now take on the prevention of terrorist attacks represents a signifi- 
cant shift in their roles (Ronczkowski, 2012). SAR is based on the behaviors and 
activities that have been historically linked to preoperational planning of and 
preparation for terrorist attacks, which include acquiring illicit explosive materials, 
abandoning suspicious packages or vehicles to determine the response time of 
security or police, taking measurements or photographs of areas not normally of 
interest to the public, testing security measures, and others. SAR creates a national 
standard for terrorism-related modus operandi codes (Ronczkowski, 2012). By 
creating and assigning numbers or codes to terrorism-related behaviors, terrorist 
activities can be tracked by date, time, and location—similar to the New York 
Police Department’s computerized statistics performance-based management 
approach (COMPSTAT). 

The SAR program allows police to paint their own picture of what is happening in 
their communities rather than relying on their federal partners. Fusion centers can also 
benefit from the SAR program as the centers themselves rely on the collection and 
dissemination of intelligence from a variety of sources. The SAR program does not 
have a defined starting or ending date, which is intentional and recognizes that the 
threat and the process is continuous and ever evolving. The goal of the ISC is that by 
2014, every federal, state, local, and tribal entity participates in a standardized 
integrated approach to gather, document, process, analyze, and share terrorism-related 
suspicious activity information (Ronczkowski, 2012). Domestic and international 
terrorist group activities include (Ronczkowski, 2012): 


1. Recruitment: membership of a group, attendance at rallies and meetings, 
exposure to Internet recruiting or informational sites, personal recruitment, 
and accessing extremist literature. 

2. Preliminary organization and planning: identify and clarify roles, exposure to 
terrorist training materials or actual training, discussion of potential targets, 
drawings, and assignments. 

3. Preparatory conduct: theft and weapon acquisition, counterfeiting, procuring 
identification, bomb-related activities, and weapon modifying. 

4. Terrorist act: bombings assassinations, hostage taking, hoaxes, threats, and 
hijackings. 


This list addresses strategic phases of operations, but even at lower levels, the 
tactical phases of an operation must include three phases: planning, preparation, 
and execution. Smaller operations require shorter phases, but must still include 
each element. Even the lone-wolf operator, usually the hardest to interdict, must 
begin with some type of target selection (planning), acquisition of weapons or 
explosives (preparation), and the attack (execution). Larger operations have a 
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better chance of being detected due to the larger logistical footprint (Sloan and 
Bunker, 2011). Another common characteristic is that while logic may dictate 
that mission intent and target drive the planning cycle, the reality is that many 
times a group will get good at a particular type of attack, like hijackers were for 
the Popular Front for the Liberation of Palestine in the 1970s and 1980s, and it 
becomes their calling card. 

The key indicators of terrorist activity have been defined as (1) surveillance, 
(2) elicitation, (3) testing security, (4) acquiring supplies, (5) suspicious persons, 
(6) trial runs, and (7) deploying assets. In addition to what has already been listed, 
these activities should also be regarded as suspicious (with respect to context): 


1. Counter-surveillance and testing of security procedures. 

2. Elicitation of information from security and police personnel. 

3. Attempts to enter secure facilities, or attempts to smuggle contraband onto the 
premises. 

4. Stockpiles of currency (cash), weapons, ammunition, or in possession of 
multiple forms of identification, passports, and driver’s licenses. 

5. Espouses extremists views in the workplace, in social media, or in personal 
communications. 

6. Attempts to acquire or in possession of blueprints or layout plans of sensitive 
or governmental infrastructure. 

7. Commits hoaxes or makes statements to determine the response. 


Crimes in the air cargo area should be taken very seriously. Most cargo 
crimes are documented as thefts, burglaries, or robberies, but according to the 
South Florida Cargo Theft Task Force, approximately $25 billion per year is 
lost in cargo theft. Theft from carry-on and checked baggage is considered theft 
of a shipment of interstate property, which makes this type of theft a federal 
offense. 

Many valuable materials including computers, pharmaceutical materials, cell 
phones, electronic equipment, alcohol, cigarettes, and designer clothing are 
routinely targeted by both terrorist organizations (for funding) and organized 
criminal enterprises (Ronczkowski, 2012). Another consideration for cargo crime 
is leakage, defined as the removal of property or insertion of articles, including 
explosives, without tampering or removing the container’s seal. The most 
common methods are by removing bolts and panels or by drilling out rivets. 
Airport police, badging office personnel, TSA screeners (particularly those 
involved in the document check), airport operations personnel, airline personnel, 
and airport security managers are all in a unique position to see a variety of activ- 
ities, including drug smuggling, human trafficking, and the use of theft as a 
means to finance a terrorist or criminal operation. Plus, with the volume of data 
and the background checks conducted on aviation personnel, there is the opportu- 
nity to identify a bad actor that may be plotting to commit another type of 
terrorist attack, such as the Denver International Airport shuttle bus driver who 
intended on attacking the subway systems in New York City. 
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EXISTING THREATS: AIRCRAFT BOMBINGS, AIRCRAFT 
HIJACKINGS, AND AIRPORT ATTACKS 


The traditional methods of attack on aviation continue to be bombings and hijackings. 
Although hijackings have numbered more than 700, with the exception of 9/11, 
approximately 150 airline bombings have resulted in more fatalities. The concept 
of using an aircraft as a WMD, although not new, was certainly not within the scope 
of thinking by the intelligence communities throughout the world before 9/11. 
Traditional threats are, presently, easier to carry out by the unsophisticated terrorist 
and are expected to continue to occur. 


AIRCRAFT BOMBING: PASSENGER, BAGGAGE, AND CARGO 


In 2006, the TSA stated that bombings were a greater threat to aviation security 
than hijackings. Bombs continue to be one of the most popular weapons of terror 
and remain an active current threat. The question is, what are the other known 
methods of introducing a bomb to an aircraft? It is in the answer to this question 
that aviation security practitioners can develop countermeasures. While the front- 
line defense against any sort of terrorist act is typically the intelligence and 
interdiction assets, such as US military special operations, the CIA, FBI, and other 
intelligence gathering agencies, from an airport operators’ perspective, the first 
place to assess the vulnerability of the airport to bombs are current screening 
systems. Up until the deployment of body imaging technology it was known that 
passenger screening technologies did not function well in detecting explosives, 
whether plastic- or liquid-based. However, they are adequate for detecting many 
prohibited items including guns and knives. The TSA has implemented an 
operational solution in the form of restricting the amount of liquid that can be taken 
onboard, conducting random use of explosive trace detection technologies, and 
upgrading carry-on and passenger screening technologies. Yet the 2015 Inspector’s 
General report showed that items, including bombs, meant to look real used by red 
team members, are still getting past security personnel and technologies. 

The security screening checkpoint must be outfitted with technology that will 
detect explosives and metal on a passenger and that provides a better look inside 
carry-on baggage—technology that can distinguish between dangerous liquids and 
other substances from nonthreatening items. For a period of time, the industry 
considered using the explosives detecting equipment that is used in screening 
checked baggage, in the passenger checkpoint, but additional complications in 
doing so arise. Power requirements, footprint of the equipment and the difference 
in what checked bag screening systems look for (primarily bombs or explosive 
elements), versus what carry-on bag screening systems look for. In addition to 
bomb and explosive elements, carry-on screening technology has to identify 
knives, guns, and numerous other prohibited items. However, the idea is worthy 
of consideration if it can speed up screening lines and increase detection rates. 
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Screening technology also should focus on detecting the elements of an explosive 
device so as to prevent several collaborators from carrying on a component of a 
device and then assembling it on the aircraft. However, many explosives can be 
constructed using materials and items that are not prohibited in an aircraft, so 
technology is not the only security practice that should be employed. Passenger 
profiling, beginning with the identification and verification of the passenger when 
she or he purchases a ticket, to active profiling conducted at the airport, should also 
be implemented. 

After reviewing and improving the existing screening procedures, focus must 
shift to the other methods a bomb can be introduced to an aircraft, as terrorists 
and criminals will shift to the path of least resistance, which right now is 
represented primarily by cargo, mail, and the placement of a device by an 
aviation employee. Regulatory action in 2009 pushed the industry to screen 100% 
of all cargo carried on a passenger air-carrier aircraft; however, the requirement 
only applies to US registered aircraft. Securing the international cargo supply 
chain, which US air carriers are connected to, is a much greater challenge. The 
insider threat is addressed later in this chapter. 


BOMB THREATS 


A bomb threat disrupts an operation or business, airline or otherwise, for a time, 
reducing productivity. Bomb threats to an airline, an industry that relies heavily 
on on-time performance, can be a major disruption as flights are delayed or 
canceled across the national airspace system, personnel and resources are diverted 
for hours to handle the crisis, and other airport operations are interrupted. It does 
not take long for someone to figure out that if a bomb threat stops the operation 
of an airline every time one is called in, then all one has to do is keep calling 
in bomb threats. The airline will continue to lose millions of dollars a day 
responding to threats and, perhaps, the airline will shut down. 

Additionally, bomb threats in 2014 occurred when an individual sent a Tweet 
to the airline, rather than called it in. Regardless, the Tweeted message is still 
considered a bomb threat and is handled as if it had been called in. Therefore, the 
seriousness of bomb threats must be judged based on a variety of factors. Both 
the FBI and the Bureau of Alcohol, Tobacco, and Firearms (ATF) publish a card 
that can be used at airline call centers and other areas of the business that are 
most likely to receive a bomb threat; it helps the airline and other agencies 
evaluate the threat (Fig. 11.1). 

Presently, handling a bomb threat from the air carrier perspective depends on 
where the call or notification comes in. A call (or notification in the case of a 
bomb threat delivered via social media) to an airport authority will result in the 
airport responding by notifying air carriers and the TSA. A notification to the 
airline may not result in notification to the airport or other agencies. In the past, 
if the threat was clearly a hoax or so unspecific as to not warrant further action, 
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ATF Bomb Threat Checklist 


Caller’s Voice (circle) 


i : Calm Rapid 
Exact time of call: Slow Stressed 
Exact words of caller: Crying Nasal 
Slurred Lisp 
Stutter Excited 
Deep Disguised 
; Loud Sincere 
Questions to Ask: Broken Squeaky 
1.When is bomb going to explode? Giggling Normal 
Accent Male 
2. Where is the bomb? Angry Female 
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3. What does it look like? If voice is familiar, whom did it sound like? 


7 re 
4. What kind of bomb is it? Were there any background noises? 
5. What will cause it to explode? 
Remarks: 


6. Did you place the bomb? S 
Person receiving call: 


7. Why? : : 
Telephone number at which call received: 


8. Where are you calling from? 
Date: 


Report call immediately to Campus Office of 
Safety & Security. Off-Campus Site Emergency 
Coordinator, or call 911. 


9. What is your address? 


10. What is your name? 

















FIGURE 11.1 
ATF bomb threat checklist. 


determined through a vetting process conducted by the airline security personnel, 
the airline sometimes elected to not notify other agencies. 

When an aircraft operator receives a bomb threat, the in-flight security coordinator 
of the flight in question must be notified, and any applicable threat measures that are 
part of the aircraft operator’s security program must be implemented. The aircraft 
operator must also notify the airport operator at its intended point of landing when an 
aircraft has received a threat. The aircraft operator must attempt to determine whether 
any explosive or incendiary device is present by conducting a security inspection on 
the ground before the aircraft’s next flight, or if already in flight, as soon as possible 
after landing. If the aircraft is on the ground, all passengers must be evacuated and the 
aircraft thoroughly searched. This search is usually carried out by K-9 explosive 
detection teams since they are generally able to conduct a quick search because of their 
flexibility and ability to navigate in and around the aircraft cabin and cargo holds. 

If an aircraft in flight receives a bomb threat or notification from the ground 
that a bomb may be onboard, the flight crew must be immediately notified so that 
in-flight security precautions may be taken. This sometimes involves the 
movement of a suspicious package or item to an area of the aircraft known as the 
least-risk bomb location (LRBL). This is an area within the cabin of a commercial 
aircraft where the aircraft manufacturer has determined that an explosion will 
result in the least damage to the aircraft. Obviously, some explosive forces can be 
large enough to destroy the aircraft regardless of where the charge is placed, but 
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use of the LRBL may be effective in most cases. Crewmembers may also have 
ballistic-proof blankets available, or they may place other bags around the suspect 
item to mitigate any blast. The strategy for mitigating any bomb threat or 
suspected device onboard an aircraft will be guided by the aircraft operator secu- 
rity program and the totality of the circumstances. 

If a threat is received and related to the facilities used by an aircraft operator, 
the airport operator must be immediately notified, along with the other domestic 
and foreign aircraft operators at that specific airport. The aircraft operator must 
conduct a security inspection before continuing to use the threatened facilities or 
areas. As a practical matter, when a threat to an aircraft operator’s facility is 
received, and that facility is located on airport grounds, the airport operator often 
takes operational control of the incident including evacuation measures and 
security inspections by explosive ordinance personnel including K-9 teams, local 
law enforcement, and the FBI. 

The regulations require that aircraft operators notify the TSA of any bomb 
threat against a flight or an airline facility.” However, the aircraft operator can 
exercise some discretion when determining whether a particular threat is credible 
enough to stop air carrier operations and contact the TSA. The families of the 
Victims of Pan Am Flight 103 brought this discretionary policy into question. 
Before that bombing, Pan Am had received threats that an explosive device was 
going to be placed on an aircraft departing Frankfurt, Germany. However, the 
airline did not notify the passengers of Flight 103 that the threat had been 
received. Even in the post-bombing investigation, authorities determined that the 
threat was without merit. At the time, US President Ronald Reagan defended the 
practice of keeping bomb threats confidential by noting that to advertise every 
bomb threat would bring air service throughout the world to a halt. Today, the 
advent of social media has made many bomb threats public knowledge whether 
the government desires the publicity or not. Additional information on bombs and 
bomb threats is addressed later in this chapter. 


AIRCRAFT HIJACKING 


One of the most dangerous assumptions about airplane hijackings is that they are 
no longer possible, and that if attempted they will be unsuccessful because 
passengers will no longer sit quietly while hijackers take over the plane. This 
assumption has been repudiated numerous times since 9/11. Two cases in particular 
when passengers did not attempt to interfere with hijackers is the hijacking of an 





"If an aircraft is in flight outside US jurisdiction when a threat is received, the aircraft operator 
must notify the appropriate authorities in the country where the aircraft is located and at the 
aircraft’s destination if outside the United States. Notification to air traffic control is sufficient to 
meet this requirement as the International Civil Aviation Organization (ICAO) Annex 17 of the 
Chicago Convention requires that air traffic controllers pass along such information when it is 
received. 
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AeroMexico flight on September 9, 2009, when the hijacker took over the flight by 
claiming he had a bomb. He also claimed three co-conspirators were hidden within 
the passengers, and that the co-conspirators would prevent any passenger uprising 
from taking place. The second notable hijacking occurred on March 29, 2016, 
when a man hijacked an EgyptAir flight using a fake suicide bombers vest. In 
neither case did passengers attempt to retake the airplane. 

In fact, this assumption about passenger uprising has been restated numerous 
times by TSA and DHS officials, and others, and was also a key assumption 
in the book, Chasing Ghosts: The policing of terrorism, by authors J. Mueller and 
M. Stewart. While the assumptions that were made relating to their research 
on hijackings and the value of air marshals, hardened and locked cockpit 
doors, armed pilots and passenger resistance, to demonstrate the cost benefit of 
antihijacking measures, are somewhat in question; their findings are, nonetheless, 
interesting and worthy of consideration. 

Mueller and Stewart conclude that the most effective means to prevent a 
hijacking (short of hijacker incompetence) are armed pilots, locked and hardened 
cockpit doors, and active passenger resistance, while the use of air marshals was 
not worth the money invested in the program (Mueller and Stewart, 2016). 
However, Mueller and Stewart made some fundamental assumptions that may not 
be accurate, including: 


1. The assumption that passengers would actively resist a hijacking attempt. 

2. The assumption that a pilot would have enough time and the ability to fight 
off armed hijackers. 

3. The air marshals are primarily on the aircraft only to ensure that the cockpit 
was not invaded during the time the cockpit door was open, for pilots to use 
the lavatory or other essential reasons. 


This perspective also assumes that the passengers even know a hijacking is 
taking place—in some instances in the past two decades, the only individuals 
who were aware of a hijacking were the flight crew and certain other cabin 
crew members. It is understood that in any research project, certain assumptions 
must be made, or else the possibilities are endless. However, in this case, the 
assumptions are based on a unique set of circumstances that do not address 
certain realities, such as: 


1. The first assumption does not take into account that the next hijacking may 
not look like the 9/11 hijacking, using five men armed with box cutters and 
pocketknives. Future hijackers could be (as they were in 1985 on TWA Flight 
847) armed with other weapons, such as automatic and semiautomatic 
weapons and hand grenades (left on board by insider accomplices), with the 
ability to immediately eliminate any passenger attack. Additionally, as 
previously noted, during several post-9/11 hijackings, passengers did not 
attempt to rush the hijacker. The first assumption also does not take into 
account that, in times of stress, individuals often revert to their flight or fight 
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instincts, which means that not everyone will fight for their own lives (a fact 
demonstrated in the writings of Dave Grossman in his two books, On Combat 
and On Killing). 

2. The second assumption does not take into account that the primary role of the 
pilot is to fly the aircraft. Also uncertain and unproven is whether one of the 
pilots would be able to un-holster a firearm (from a locking holster) and 
effectively defend the cockpit, particularly if facing equally or better armed 
intruders. Also involved in this assumption is Grossman’s writings on whether 
an individual in fight or flight mode would actually use the weapon in a real, 
life-or-death situation. 

3. The third assumption posits that the cockpit door is only vulnerable when 
opened, ignoring the fact that override systems are in place for safety reasons 
(which a hijacker may discover through research or previous knowledge of the 
aircraft), and that in many hijackings, the flight crew is still coerced into 
opening even a locked cockpit door, by threatening the lives of other crew 
members and passengers. 


Mueller and Stewarts’ assumptions did uncover some interesting 
conclusions and possibly effective strategies about protecting an aircraft from 
hijacking, including an expansion of the Federal Flight Deck Officer (FFDO) 
program and a requirement to include secondary flight deck protections on the 
aircraft. 

Secondary flight deck protection, or the other industry term, Installed Physical 
Secondary Barriers (IPSBs), is essentially a screen that is installed temporarily 
when the cockpit door needs to be opened, and which effectively eliminates the 
ability of unauthorized personnel to access the cockpit, under anything other than 
extraordinary measures, such as blowing up the barrier using explosives. The cost 
of the barrier is approximately $10,000 per aircraft, and with 6000 aircraft in the 
civil fleet, the total cost is approximately $60 million dollars. United Airlines 
begin installing these barriers on their aircraft, and both Boeing and Airbus began 
making them standard on several of their newer aircraft designs. Mueller and 
Stewart estimate the hijacking deterrence provided by the barriers to be about 
50%. In the same study (using the aforementioned assumptions) Mueller and 
Stewart put the deterrence effectiveness of preboard screening at 30%, passenger 
and crew resistance at 30%, an LEO flying armed and with approval to carry a 
firearm (in only rare cases) at 1%, hardened cockpit doors at 30%, FFDO resis- 
tance at 30%, and the use of Federal Air Marshals (FAMs) at 7% (Mueller and 
Stewart, 2016, p. 240). 

An important point to remember is that the aforementioned numbers reference 
the deterrence factor to a hijacker. When measuring whether a particular layer of 
security will disrupt an actual hijack attempt, the numbers change, with preboard 
screening rising to 50%, with passenger and cabin crew resistance dropping to 
7%. Interestingly, the disruption rate increases to 20% for FAMs, assuming they 
are on the aircraft. Most interesting about the research is that disruption rates for 
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FFDOs range between 15% and 75% if one is on board and assuming they 
will fight for their lives, IPSBs at 75%. Additional analysis showed that by 
reducing the FAM budget by 75%, but requiring IPSBs and doubling the budget 
for the FFDO program, the risk reduction can achieve the same percentage as 
the full array of security measures currently in place (Mueller and Stewart, 2016, 
pp. 241—242). 

Unfortunately, for reasons beyond explanation in this text, the two methods 
that would result in the most risk reduction and also reduce expenses are consis- 
tently under attack. In 2012, DHS Secretary Janet Napolitano testified before 
the House Homeland Security Committee advocating a reduction in the FFDO 
budget, “predicated on the fact that the program is not risk based” (Mueller and 
Stewart, 2016, p. 247). Also, when United and Continental Airlines merged, 
the company decided to remove all secondary barriers, at a cost of $5000— 
$12,000 rather than adding them to the Continental aircraft (Mueller and 
Stewart, 2016, p. 238). 

Although numerous procedures have been implemented to prevent an 
aircraft from being hijacked and, if hijacked, to prevent it from being used as a 
WMD, there is still the potential for hijackings to occur. On average, since 
9/11, there have been approximately 5—10 hijackings or hijacking attempts 
each year worldwide. Hijackings help meet many needs of the terrorist or crimi- 
nal organization in terms of invoking fear and gaining publicity. Hijacking an 
aircraft and crashing it into a ground target invokes deep-seated fears that many 
Americans have developed since 9/11, in addition to the massive loss of life, 
the destruction of property, and the huge economic impact that results from 
such an attack. The following narrative highlights an al-Qaeda plot to hijack 
aircraft and crash them into targets in the United States, Australia, the United 
Kingdom, and Italy. This passage was discovered in 2006, and it demonstrates 
that hijacking for the purpose of causing mass destruction is still a highly 
probable form of terrorism: 


The Department of Homeland Security report, dated 16 June 2006 and marked 
unclassified, was first reported by ABC News in the U.S. and has since also 
been seen by the BBC. It makes clear that al-Qaeda remains interested in 
attacking aviation targets and “likely desires a successful repeat of a 2001 
suicide hijacking against the United States.” 

Corera, 2006, p. 10 


The common strategy for dealing with hijackers before 9/11 was so ubiquitous 
it could have just as well been called the “commonly known strategy.” The com- 
mon strategy was essentially to cooperate with the hijackers and get the plane 
safely on the ground as soon as possible. With hundreds of hijackings bearing 
similar characteristics, the 9/11 hijackers relied on the flight crews and passengers 
executing the common strategy. The common strategy assumed that hijackers 
would not know the practices that pilots were instructed to take during a 
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hijacking. Another assumption was that the hijackers would have little knowledge 
of the internal workings of an aircraft.” 

The antihijacking strategy practiced today is essentially active resistance— 
also not a secret. Security practitioners can no longer assume that hijackers will 
not have knowledge of how an aircraft works. In fact, hijackers may understand 
the functions of various systems in the cockpit and know how to fly the plane— 
as did the 9/11 terrorists. 

In 2005, the DHS rolled back some of the items on its prohibited items list 
because of the effectiveness of active resistance. There are numerous defenses 
against hijackings, including security screening; air marshals and other federal, 
local, and state LEOs flying armed; passenger resistance; and airline personnel 
trained in self-defense. To continue to reduce the hijacking threat, consideration 
should be given to requiring airline personnel to receive hands-on self-defense 
training“ and to allowing local and state LEOs to carry their weapons onboard. 

Currently, local and state LEOs must have a reason to carry their weapons 
onboard, such as prisoner transport or high-risk surveillance. Otherwise, if they 
are just traveling on vacation or even on business to attend a seminar or confer- 
ence, they are required to store their firearms in checked baggage. Airlines operat- 
ing without the support of a government-sponsored air marshal program should 
consider employing their own armed and trained security personnel. Despite the 
low frequency of air marshals on board an aircraft, air marshals still provide a 
deterrent effect, as terrorists must take into account that one or more could be on 
a particular flight, and marshals can be beneficial during operational surges, or 
high-risk flights. 

Some discussion of creating a program to certify and allow state and local 
LEOs to carry their firearm on board when traveling on vacation or business, 
such as to a conference or to another state to continue an investigation, or other 
situations in which they are not allowed to carry a weapon. However, as of today, 
such a program has not moved forward. 

The last line of defense for a hijacked aircraft may be the antiaircraft 
measures. If the pilot or someone on the flight is able to notify authorities that the 
aircraft has been hijacked, the US government could order the aircraft to be shot 
down. Mueller and Stewart estimate the deterrence effect of such a measure to be 
30%, as there may not be enough time to deploy an armed asset, such as a 
military SAM (that is within range of the aircraft), or a fighter jet with live 
ordinance on board (Mueller and Stewart, 2016, p. 241). 





ĉIn the hijacking of TWA Flight 847, Captain John Testrake believed the situation would not have 
ended quite as well if the hijackers had a working knowledge of the aircraft’s systems. Because of 
the hijackers’ ignorance, Testrake and his crew were able to keep the aircraft on the ground (after a 
period of time) and prevent the hijackers from further risking the lives of the crew and those on the 
ground. 

“The present requirements for self-defense training do not include hands-on training. It is optional 
on the part of the aircraft operator to provide such training. 


Aircraft Bombings, Aircraft Hijackings, and Airport Attacks 


Managing a hijacking incident 

Most strategies for managing hijacking incidents are classified, understandably, as 
sensitive security information, yet conventional wisdom and lessons learned are 
not a secret. If the hijack occurs when the aircraft is still on the ground, the 
strategy is to do everything possible to keep it there. Once the aircraft is airborne, 
numerous variables come into play, including the potential that the aircraft will 
be used as a weapon or that it will be shot down by military aircraft to prevent 
just such an occurrence. Pilots should attempt to disable the aircraft either by 
escaping or through other means. Airport operators should consider parking snow- 
plows, construction equipment, or hauling in Jersey barricades to prevent the 
aircraft from taking off. As called for in the ICAO standards, if possible, the 
aircraft should be relocated to an isolated parking position (IPP) on the airfield 
where the incident can be managed. This should occur only if the aircraft is 
otherwise prevented from accessing a runway or taxiway where it can take off as 
it transits to the IPP. The IPP is usually located away from the main terminal 
buildings and the runways and provides a location where negotiations can take 
place and tactical units can safely observe the aircraft. 

Initially, state and local law enforcement, such as the airport police force or 
local sheriff deputy response, will contain the aircraft while waiting for the 
federal response. The TSA will be advised of the incident. However, the TSA 
does not typically have a law enforcement response team; therefore, the local law 
enforcement agency will manage the on-scene tactical issues until the FBI can 
arrive, assemble, and deploy. It should be noted that the federal response may be 
30—45 minutes or more away, so local police and airport personnel must know 
how to handle such incidents in the meantime. Specific hijack management 
strategies should be discussed with federal, state, and local security personnel, 
including the FBI and the TSA, and training conducted for the first responders at 
the airport as the precise processes for managing a hijacking should not be made 
public. 

If the aircraft hijacking occurs while the plane is in flight, the primary goal of 
the flight crew is to keep control of the aircraft, prevent unauthorized access to 
the cockpit, and get the aircraft on the ground as safely and quickly as possible. 
There are numerous other measures flight crew and flight attendants can take to 
communicate with air traffic control and prevent access to the cockpit, many of 
which are classified and taught to flight crews. 


AIRPORT ATTACK: ARMED ASSAULT 


Although it has only occurred a few times in the course of aviation history, the 
armed assault of an airport terminal building ranks as the third most frequent kind 
of attack on aviation. Untrained individuals have committed these types of 
attacks, as well as trained assault teams using military tactics and weaponry. One 
of the earliest cases of an active shooter team occurred at the Lod International 
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Airport (now known as Ben Gurion International in Israel) in 1972, when gunman 
from the Japanese Red Army flew into the airport, then, upon retrieving their 
bags at the baggage claim pulled out automatic weapons and hand grenades, and 
attacked passengers and others in the terminal area. The attack was orchestrated 
by Palestinian elements, which contracted the Japanese Red Army, so as to avoid 
drawing suspicion, as the Israelis were highly suspicious of those with Arabic 
features. Additional active shooter attacks have taken place in Rome (twice) and 
Vienna, at the Louis B. Armstrong International Airport in New Orleans, and 
twice at the Los Angeles International Airport, once in 2002, and once in 2013, 
that resulted in the death of a TSA officer. 

In a coordinated attack by multiple, trained operatives, the results can be 
deadly, resulting in a massive loss of life and a major disruption to operations. In 
the case of an airport, the closure of the terminal building for an extended period 
could also result, with a consequentially large economic impact. Active shooters 
typically target softer targets, such as the Beslan school takeover, the attacks in 
Paris in 2015, and the attacks at a work function in San Bernardino, CA, also 
in 2015. Within the airport, the public area represents the softest target as it is in 
front of the security screening checkpoints. 

At many US airports, the law enforcement agencies charged with patrolling 
the terminal areas are lightly armed, as compared to the level of armament used 
by assailants; they are thus limited in their response capabilities. Some exceptions 
include Los Angeles International Airport, which has special response teams on 
duty, and Boston Logan International Airport, which carries out patrols by law 
enforcement personnel carrying submachine guns. 

Several more airports throughout the United States and the world have added 
more heavily armed and armored law enforcement personnel to the public areas, as a 
result of the attack at the Brussels airport in 2016. Federal Protection Service person- 
nel are now commonly assigned to staff airport public areas at certain high-traffic 
airports. London Heathrow International Airport, for instance, employs Metro police 
armed with submachine guns, in addition to the standard police sidearm. 

A coordinated attack on an airport terminal could involve terrorist operatives 
who have been trained in military tactics and who are using military weapons and 
explosives, similar to the attack in Paris in 2015, or could be a lone gunman, like 
the attack at Terminal 3 at LAX in 2013. In either case, operatives typically use 
automatic or semiautomatic guns and may have explosives for use during the 
initial strike. Operatives may target certain individuals or initially focus on access 
points such as doors, to kill responding personnel or those attempting to escape. It 
should be assumed that active shooters do not intend to survive the assault and 
will target hostages if a rescue attempt is made. 

The LAX Active Shooter on November 1, 2013, at 9:18 am, an armed gunman 
walked into Terminal 3, at Los Angeles International Airport, and opened fire on 
TSA personnel. The individual was dropped off at the airport by a friend who 
apparently did not know the man’s intentions. He concealed his automatic weapon 
by creating a hole in the bottom of a duffel bag and another hole in the top of a 
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standard rollaboard suitcase. This setup allowed him to slide his automatic weapon 
down through the duffel bag, which was lying on top of the rollaboard, and into the 
hole in the top of the second suitcase, completely concealing the rifle. 

In the line at the travel document checkpoint was TSA Transportation 
Security Officer Gerardo Hernandez. The gunman approached Hernandez, with- 
drew the rifle from the bags and opened fire, hitting the TSA agent. As the 
shooter proceeded up the escalator toward the screening checkpoint, passengers 
and other TSA personnel immediately scrambled for cover. Upon seeing that 
Hernandez was still moving, the shooter walked down the up escalator and fired 
several more shots, killing Hernandez. The shooter then proceeded back up the 
escalator toward the checkpoint. 

At the screening checkpoint, passengers and TSA personnel were scrambling 
to escape the gunman, who was moving from one individual to the next asking if 
they were “TSA.” If the answer was “yes,” he shot them. Two TSA agents, who 
were attempting to help an individual evacuate from the checkpoint were hit by 
gunfire, along with another civilian. Another TSA agent knocked off a telephone 
receiver that activated a call to the airport police dispatch center, before evacuat- 
ing the checkpoint. 

The shooter proceeded into the sterile area toward the boarding gates. LAX police 
who had just held an active shooter training exercise, responded en masse. An LAX 
officer engaged the gunman in the boarding area of Terminal 3. Several shots were 
exchanged and the gunman was eventually shot, wounded, and taken into custody. 

While the shooter was down, the airport was still left to deal with significant 
issues, including over 20,000 people evacuating or sheltering-in-place from three 
different terminals, many of them running onto the airfield, or hiding in utility clo- 
sets, gift shops, restaurants, and on airplanes. Hundreds of bags had been dropped 
along with many personal belongings, which had to be reconciled to their owner, 
but not before the entire area had to be processed as a crime scene. Additionally, 
callouts to mutual aid resulted in hundreds of police, fire, and emergency medical 
personnel descending on the airport, effectively choking off all landside access into 
the airport, for hours. Adding to the complications is that the airport still had to 
accept several inbound aircraft, which were low on fuel as they had just come 
across the Pacific Ocean, flying aircraft too large to divert to other airports. 

Having experienced its second active shooter attack (the first was on July 4, 
2002, at the El Al ticket counter at the LAX international arrivals building), the 
airport commissioned an in-depth and transparent study to determine what 
improvements could be made. The report is available online, but some of the key 
conclusions are listed below: 


1. Continue using risk-based approaches to evaluate current security programs 
and explore technologies that can assist in future incidents. 

2. Establish clear lines of responsibility and well-documented processes for alert 
notification to avoid delays in mobilizing a response and during the early 
stages of an emergency. 
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3. Continue to evolve the use of incident command systems (ICSs) in such an 
incident in order to leverage the full capability of all assets and achieve unity 
of command. 

4. Better integrate the airport’s Department Operations Center (aka, Emergency 
Operations Center). 

5. Develop a variety of strategies to notify the public to ensure awareness, 
safety, and comfort those impacted by a crisis. 

6. Develop effective public communication systems to assist with either 
evacuation or shelter in place options and trained personnel to assist evacuees. 

7. Develop response plans for better mobilization of passenger assistance and 
mass care, including the ability to get medical assistance more rapidly to 
injured persons (LAWA, 2014). 


An airport may deter an active shooter through the use of armed and alert law 
enforcement personnel, frequently patrolling the public areas of the airport, which 
include ticket counter areas, baggage claim areas, presecurity waiting areas, and 
land side access vehicle roadways, such as airport pickup and drop-off locations. 

Since the Columbine high school attack in 1999, after-action active shooter 
reports have included one common element, and that is the ability to get medical 
aid to individuals who are injured, as rapidly as possible. Prior to Columbine, it 
was normal for police to completely secure a scene before emergency medical 
teams would enter; however, in the new “age” of active shooters, the time before 
a scene is secured could be several hours after the end of the shooting. New 
protocols for active shooters, developed after Columbine, require police personnel 
to proceed in the direction of gunfire until the threat is neutralized, not stopping 
for injured civilians or other response personnel. A lack of rapid medical attention 
was blamed for the death of Columbine teacher Dave Sanders, yet nearly 20 years 
later, getting rapid medical treatment to victims is still a common problem. 

Some airports have developed and are teaching to their airport operations, and 
airport maintenance personnel, methods to use individual trauma kits (also known 
as Tactical First Aid kits), and providing teaching for their paramedics in Tactical 
Combat Casualty Care (TCCC). A typical trauma kit includes a tourniquet that 
can be applied by an individual onto themselves or others, and/or a compression 
bandage, Z-pack° style dressing that can be packed into a penetrating injury, 
gloves, and duct tape. While airport operations and maintenance personnel or 
others who are trained in the use of an individual trauma kit are not expected 
to enter dangerous areas to treat victims, they may be able to use the kit to 
treat themselves or others in their vicinity. TCCC-trained personnel are 
similar in nature to combat medics and are able to go in under the cover of law 
enforcement, before the scene is completely secure, to render assistance. 





5Z-Pak Dressing is a highly absorbent, sterile, cotton wound packing that is “Z-folded” for ease in 
packing wounds. 
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An airport is particularly vulnerable when there are long lines at the screening 
checkpoints or when there are weather closures, resulting in thousands of people 
crowded into the terminal building and in security and ticketing lines. Airport 
operators should deploy additional law enforcement during these times. A rapid 
response by law enforcement is required for any such assault, particularly an 
assault where the assailants are intent on taking hostages. Rapid intervention may 
disrupt a planned seizure. Airport terminals should be equipped with panic alarms 
and emergency assistance buttons, along with closed-caption television (CCTV) 
with two-way audio capability, so that security personnel can monitor the public 
areas of the airport. Airport operators and local law enforcement entities can be 
proactive in preventing this type of attack through the tactics and strategies 
outlined in the “Airport Policing” section in Chapter 12, Security Operations. 
These types of assaults usually involve prior surveillance and local coordination. 
Therefore, the activities of the terrorists may be detected before the attack. 


EMERGING CONVENTIONAL THREATS 


Most emerging conventional threats have already occurred against nonaviation 
targets, such as attacks on military facilities, embassies, hotels, and businesses. It 
should be assumed that these forms of attack will eventually be used against 
aviation. Some emerging conventional attacks have already occurred against 
aviation in various forms including man-portable air-defense (MANPAD) attacks 
and airport perimeter assaults. 


AIRPORT ATTACK: IMPROVISED EXPLOSIVE DEVICE 
(LEAVE-BEHIND DEVICES) 


This section addresses the most common type of improvised explosive device 
(IED), which is a bomb that is planted, or delivered, with the individual making 
the delivery evacuating the area prior to detonation. Suicide or homicide bombers 
are addressed in a subsequent section. Bombs continue to be among the most 
common weapons used by terrorists and extreme criminals. Even the threat of a 
bomb, without an actual device, is often enough to disrupt the daily operations of 
a business or public entity. Commercial explosives are readily available, along 
with materials such as fertilizer (nitrates) and diesel fuel or fuel oil, to create an 
explosive, such as was used in the bombing of the Murrah Federal Building in 
Oklahoma City, OK. Military-grade explosives are available both for legitimate 
sale by certain companies and countries and through the black market. Beginning 
in 1996, US airport operators had to start announcing over their public address 
systems that if bags are left unattended, they will be removed and destroyed. 
This warning stemmed from measures taken after the crash of TWA Flight 800 to 
deter the placement of a remote-controlled or timing device—actuated bomb. 
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The warning has also reduced baggage theft, although this was not the primary 
reason the announcement was required. 

There have been numerous attacks against society using explosives placed in a 
briefcase or other container that can be triggered remotely or via a timing device. 
Although fewer of these forms of attack have occurred in aviation, the potential 
remains high that they will be used. An unattended package or bag can cause a 
significant disruption to normal operations, delaying flights, inconveniencing 
passengers, and shutting down businesses in the airport. A detonation can cause 
massive loss of life, damage to property, and economic loss. 

One of the most significant challenges with respect to IEDs is properly identi- 
fying an object as an JED. This is particularly difficult at an airport where, despite 
public announcements, baggage and briefcases are routinely left unattended 
(even shortly) every day. An unattended bag is an item that has been observed or 
reported not to be in the custody of an individual. When a bag is discovered to be 
unattended, airport security, law enforcement, or operations personnel should 
onduct a series of evaluations to determine whether additional action is necessary. 
One of the first steps is to note the location. Unattended bags tend to be on 
curbside passenger pickup and drop-off areas and near ticket counters and 
baggage claim areas. Bags are also routinely left unattended near airport restau- 
rants and in gift shops. 

An unattended bag should be carefully examined for the travel date, identifica- 
tion information, and general condition. Stains, oil or watermarks, and tears could 
be signs of tampering. The examination, however, should take place without 
touching or moving the bag. Next, security should make a public announcement 
asking for the owner of the bag to identify him- or herself or asking if anyone can 
identify who may have left the bag or item. Nearby passengers and employees 
should be questioned quickly. If an owner has not been found, officials should 
consider elevating the unattended bag to the category of a suspicious device and 
notify law enforcement. 

The law enforcement notification should take place away from the unattended 
item (at least 50 ft away). Radios and cell phones should not be used around the item 
as they may trigger a detonation, particularly if the IED has a remote detonation 
mechanism triggered by a cell phone or radio frequency. Blasting caps can be 
triggered by radio frequency emissions. The area around the suspected IED should 
be immediately evacuated and cordoned off until law enforcement arrives. 

The quickest way to check for an IED in an airport is to use a K-9 explosives 
detection team. Other methods include a portable trace detection device or a 
portable X-ray device. If there is detection, by K-9 or through other means, of a 
possible IED inside the container, the evacuation area should increase to at least 
1000 ft. Floors above and below the suspected device should also be evacuated, 
and an explosive ordinance disposal (EOD) team should be notified immediately. 
Some airports have onsite EOD teams. Many large commercial service airports 
have purchased and maintain a mobile explosive container device used to relocate 
and safely detonate the item away from the public areas. Unless properly trained 
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and equipped, the number one rule for handling a suspicious item is not to handle 
it in anyway. The EOD should also be notified immediately if an aviation 
employee spots an IED such as a pipe bomb or similar device, hidden in a 
planter, trash can, or other areas that provide natural concealment. 

Personnel handling incoming mail should be trained on what to look for to 
detect whether a parcel or letter contains an IED or a chemical, biological, or radio- 
logical agent. Signs such as excessive string or tape on a parcel, lopsided or uneven 
parcels, rigid or bulky parcels with the package clearly too small for the contents, 
oily stains or discoloration, wrong name and address or wrong title, and strange 
odors are all signs of danger. Letters with restrictive markings such as “personal” 
or “only to be opened by” written or printed on them, badly typed or written 
addresses, excessive postage, packages that have been mailed from a foreign coun- 
try, misspelled words, and the absence of a return address are signs of a possibly 
dangerous letter. Some airports may consider installing small X-ray devices in their 
mailrooms to scan all incoming mail. 

When responding to a bomb threat, suspicious package, or other suspicious 
incident, the role of the first responder is to determine that a threat has been made 
or exists, validate the threat, obtain necessary resources to respond to the threat, 
and notify supervisory personnel. The first responder will have to make several 
immediate decisions, such as whether to evacuate personnel or shelter in place 
(Smith, 2009, p. 3). By default, the first responding official is also the incident 
commander, until relieved by a higher authority. 

Responders must consider whether the bomb threat or suspicious device is a 
ruse to cause personnel to leave the area, where they can be attacked in another 
location, or as a diversionary tactic while another crime occurs at another 
location. If personnel are to be evacuated, responders should ensure that the 
evacuation pathways do not extend past the suspicious device or area, and that 
the area to which individuals are evacuated has been checked for suspicious 
objects, vehicles, and persons (Smith, 2009, p. 3). 

Other considerations for responders are that actual bombs are more likely in 
airport public areas than in an airport sterile area, but it cannot be discounted that an 
airport insider has planted a device within the sterile area. If a suspicious object is 
found, the object should not be touched, nor should radio or telephone transmissions 
be made nearby. If the suspicious object is small, such as a small purse or bag, 
responders should evacuate to at least 300 ft, but 1500 ft is preferred. For larger 
objects, such as a laptop bag, 1500 ft should be the minimum evacuation distance. 

With any object that appears to be over 25 lbs, evacuation distances should 
exceed 1500 ft, and operations in the area should be shut down completely. Time, 
distance, and shielding are all allies during an explosive device detonation. 
Responders should not turn on or off power, lights, utilities, or equipment and should 
keep away from glass, nor have personnel stand under windows. Some bombs may 
be used to distribute toxic chemicals and blood-borne pathogens, or bombs can be a 
diversionary device to attract the attention of responders, who may be targeted for a 
second bombing (Smith, 2009, p. 61). 
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VEHICLE-BORNE IMPROVISED EXPLOSIVE DEVICE 


The use of a vehicle-borne improvised explosive device (VBIED), commonly called 
a car or truck bomb, was proven effective in the 1983 bombing of the US Marine 
Corps barracks in Beirut, Lebanon. The basic concept is to fill a car or truck with a 
large quantity of an explosive, drive it to the target area, then detonate it, either 
from inside the vehicle (suicide attack) or by a remote command or timing device, 
such as occurred at the Murrah Federal Building in Oklahoma City, OK. VBIEDs 
have been used many times since the 1970s throughout the world. 

In 1999, Ahmed Ressam attempted to use a VBIED to attack Los Angeles 
International Airport. He was discovered while traveling to California by a Port 
Angeles, WA, customs inspector. If he had been successful, the resulting 
explosion could have resulted in the deaths of hundreds, in both the initial explo- 
sion and in the falling debris in the collapse of the Bradley Terminal Building. In 
1995, the Federal Aviation Administration (FAA) implemented the 300-ft rule, 
which at the time prevented unattended vehicles being parked within 300 ft of the 
terminal building, and police and security personnel were instructed to immedi- 
ately tow any unattended vehicle left in the passenger pickup and drop-off lanes. 
These actions were eventually relaxed, but they were reestablished after 9/11. 
Again, the restrictions were slowly lifted at many airports, particularly those that 
conducted vulnerability assessments and integrated reinforced materials into their 
terminal remodeling. Many airports also conduct continuous police patrols of the 
landside areas looking for suspicious vehicles and individuals. Realistically, these 
measures also do little to prevent a suicide bomber from driving to the terminal 
building and immediately detonating a VBIED. Profiling can help identify 
reconnaissance personnel and may allow officials to spot a bomber shortly before 
carrying out a detonation, but it is likely there will not be enough time to 
intercede in the attack. 

One solution is to create vehicle checkpoints on the roads accessing the 
airport. A standard checkpoint with personnel to stop and search all inbound traf- 
fic will quickly bring traffic into and out of an airport to a halt and cause numer- 
ous delays. Many airports are located within a city and do not have adequate 
standoff distances in which to create large vehicle checkpoints. Therefore, any 
checkpoint should first be able to distinguish among vehicles that do not pose a 
significant threat and those that require further scrutiny. Second, any technology 
or process should be able to scan vehicles rapidly for signs of explosive devices. 
Technological solutions such as millimeter wave devices that can emit radio 
waves into inbound airport traffic lanes, causing a device to either be detected or 
detonated before it reaches the terminal building, are one solution. A checkpoint 
using a scale matches the vehicle to a profile of what the vehicle is “expected” to 
weigh. Other technologies are also being developed that will detect trace 
chemical, nuclear, and other explosive elements. Technologies to scan maritime 
and aviation cargo, such as the use of infrared, thermal, and backscatter X-ray 
imaging, should also be utilized at vehicle checkpoints. 
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Airport design can also help mitigate a VBIED attack. Airports with one 
terminal building are particularly vulnerable as one VBIED may be able to destroy 
or disable the entire facility, whereas multiple VBIEDs would be required to 
disable airports with multiple terminals. Airports should also create natural standoff 
distances for vehicles in the landside access lanes. Airports should also install 
bollards next to the terminal building to prevent or deter vehicles from being driven 
or crashed into infrastructure. Safety glass and reinforced materials should be used 
within the structure of the terminal building. A critical component for protecting 
the airport is the ability to return to operation as quickly as possible, thus mitigating 
the impact of an attack on operations and to the economy. Rapid response by 
Urban Search and Rescue teams, along with readily available backup facilities, 
should be included in any VBIED response plan. 

Some research has indicated that a small IED placed in the public area of an 
airport terminal or a VBIED would not have a significant impact on airport 
operations (Mueller and Stewart, 2016). However, the research only took into 
account one airport, Dulles International, and under a specific set of circumstances. 
When you’ve seen one airport, you’ve seen one airport, is a saying in the airport 
industry. In the aftermath of the bombing of the Oklahoma City building, airports 
were instructed to conduct blast vulnerability assessments using similar amounts of 
explosives, and many airports made changes to security policies, as well as 
upgraded some of their structures, as a result. 

One of the authors of this text (Price) has been involved with several such 
blast assessments, and while the results are confidential and should not be 
publicly disclosed, we can attest that the damage to an airport from either an IED 
detonated within the public area or a VBIED, outside of the terminal building, 
could span the range of destruction from minimal to total, depending on 
placement, yield, time of day, and numerous other factors. 

Interestingly, however, Mueller and Stewart’s research determined that what 
would be more deadly to an airport than a bombing, would be an active shooter 
attack at the same level of the Mumbai active shooter attacks in India. Their 
statistics showed an 85% probability of success for an armed team of active 
shooters attacking in a public location, rather than 15% for a bomb or vehicle 
bomb. However, not included in the research is the difference in an active shooter 
hitting the public area of an airport, where police are on station and response 
times are several minutes less than in the community, in which active shooter 
response times are often north of 5 minutes. 


AIRPORT ATTACK: SUICIDE OR HOMICIDE BOMBER 


The suicide bomber attack in the public areas of the airport terminal building in 
Brussels in 2016 highlights the need to address public-area safety. Moving the 
screening checkpoints is not always the easy solution, as in some cases airport 
operators may be moving the crowd and the target. In 2006, a suicide bomber ran 
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into the lobby of the Islamabad, Pakistan, airport, where he was confronted by 
police. He shot three officers then dropped a hand grenade he was carrying, which 
killed him. Although there have been several cases of suicide bombers boarding 
aircraft, this was one of the few attacks in an airport by a suicide bomber. What 
makes the suicide bomber one of the most deadly forms of attack used by 
terrorists in recent years is that it is essentially a “bomb with a brain.” Unlike 
command-detonated IEDs, suicide bombers adjust to the environment, identify 
law enforcement and security measures, flee and return another day, or relocate 
into a crowd or key infrastructure to increase destruction. A suicide bomber can 
also quickly move into position and detonate. An IED has to be positioned by an 
operative. Then the operative must move from the IED, leaving the device 
unattended for at least several moments before detonation. During this period, 
there may be enough time to cause suspicion and prompt a law enforcement 
response. However, remember that a suicide bomber also does not have to worry 
about an escape route! 

Besides the advantage a suicide bomber has as related to tactics, another 
advantage is a common belief that a suicide bomber cannot be stopped. A 
frequent comment is, “You cannot stop people who are so dedicated that they 
will kill themselves to commit a terrorist act.” This is not true, and to adopt such 
a belief provides suicide bombers with their biggest advantage of all—the belief 
that they cannot be stopped. Suicide bomber operations often involve dozens of 
individuals; these include those involved in recruiting and preparing the operative, 
planners, safe house operatives, reconnaissance personnel, bomb builders, and 
others. Throughout this preparation time, others can become aware of the pending 
attack and potentially inform law enforcement agencies or accidentally leak infor- 
mation to friends and family. Suicide bombers are committed to dying in the 
attack. However, they do not want the attack to be a wasted effort and thus will 
spend considerable time planning for the attack. 

Once a suicide bomber is loaded up and walking to the target area, stopping 
the attack is very difficult—but not impossible. In Israel, police and citizens are 
trained in tactics to defeat suicide bombers. These have been shown to be about 
80% effective when employed by someone trained in the proper techniques. 

Suicide bombers typically carry 2—30 Ibs of plastic explosives attached to a 
firing trigger kept in their hand, pocket, or chest area. Pushing a button or 
toggling a switch completes the circuit and detonates the bomb. Sometimes, the 
bomber pushes the button to arm the device. When the button is released, the 
bomb explodes. This technology makes it difficult for law enforcement to stop a 
detonation. Bombs can be hidden in backpacks, vests, undergarments, briefcases, 
musical instrument cases, luggage, inside vehicles and boats, and on bicycles and 
motorcycles. For women, sometimes bombs are placed around the stomach area 
where it is disguised to make the woman appear pregnant. Suicide bombers have 
also used stolen trucks, ambulances, and police vehicles, and at times, large 
hazardous material or gasoline trucks have been stolen and used in suicide 
attacks. Occasionally, nails and bits of metal are wrapped with the IED to 
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increase the damage caused by the blast. There have even been rumors of suicide 
bombers injecting themselves with the AIDS virus in an attempt to spread the 
disease during the blast. Chemical and biological elements may also be mixed 
into an explosive. However, one challenge to this concept is that the temperatures 
created by the explosion may vaporize these elements. 

In the 1993 bombing of the World Trade Center, it was reported that Ramzi 
Yousef attempted to put a chemical agent with the bomb but the element 
vaporized in the blast. Soft targets, such as publicly accessible areas, are favorite 
locations for suicide bombers. Security checkpoints are also prime targets as are 
caravanning vehicles. At an airport, the primary target for a suicide bomber may 
be an airplane, as seen in Russia in 2004, or more likely the publicly accessible 
terminal building. Security checkpoints may also be targets at an airport, along 
with critical infrastructure such as the air traffic control tower. When security 
lines and ticket counters are jammed with passengers, the higher density of 
passengers creates a probable target for the suicide bomber. When the liquid 
bomb plot was discovered in London in 2006, thousands of travelers were packed 
into the public terminal areas at Heathrow International Airport, creating an 
extraordinary target. Military and law enforcement assets should be heavily 
deployed in such circumstances. 


AIRPORT ATTACK: PERIMETER BREACH AND STANDOFF WEAPONS 


In addition to the fence surrounding an airfield, the perimeter includes the gates 
and access control systems, which prevent unauthorized personnel from accessing 
the airfield. The Government Accountability Office (GAO) characterized the 
airport perimeter in a 2004 assessment as airfield fencing and access gates, access 
controls restricting unauthorized access to secured areas, and security measures 
pertaining to individuals who work at airports (Berrick, 2004). 

Low priority in security concerning airport perimeters has been caused by a 
relatively low frequency of attack on airports or aircraft through or over a perime- 
ter fence. Although there have been attacks at some foreign airports, a US airport 
has yet to experience a known attack of this nature. With the changing nature of 
the terrorist threat, along with security gaps being addressed in passenger and 
baggage screening, the possibility of an attack through or over a perimeter bound- 
ary increases. 

An airport perimeter can be exploited in many ways. For example, an armed 
assault by aggressors can drive through a perimeter gate, or individuals posing as 
airport security guards could access the airport perimeter without creating notice. 
When considering threats coming through the airport perimeter, offsite attacks 
must also be considered—for instance, a rocket-propelled grenade (RPG) attack, 
automatic weapons fired through the fence at aircraft, or an IED detonated in the 
flight path of a landing plane. 

Although many airports have limited fencing, 7 ft of chain-link fence with 3 ft 
of strands of barbed wire at the top is the minimum recommendation. Some 
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airports are bordered by water but cannot have perimeter fences, as it would 
create safety issues for aircraft landing or taking off. Some airports are bordered 
by densely wooded areas or densely populated areas, which makes it difficult for 
officials to observe large areas of the perimeter and detect intruders while there is 
still enough time left to respond. Another challenge in protecting the airport 
perimeter is the length of the perimeter surrounding an airport, making constant 
physical surveillance by security guard patrols not economically feasible. New 
technology is addressing these problems. 

Some foreign airports are switching to stronger fencing and including detection 
monitoring capabilities such as seismic sensors triggered when an individual 
touches the fence. Considering that replacement of airport fencing, particularly with 
larger and stronger materials, is cost prohibitive, many airport operators are looking 
at combining CCTV with smart software that can keep track of the entire perimeter. 
The software will discriminate against many nuisance alarms such as the wind, 
branches, and other objects blowing into the fence or the detection area, and small 
animals whose movement may cause a detection system to alarm. When these 
systems detect a valid alarm, the CCTV camera captures a recording of the intru- 
sion attempt and alarms an operator. The operator can then implement a proper 
response, such as dispatching a security guard to check for a possible transient or 
drunk who has decided to jump the fence, or to issue a full law enforcement 
response if it looks like armed intruders are attempting to gain access to the airport. 
There are a variety of sensors currently in use and being developed, including 
infrared and thermal sensors, underground and fence-mounted seismic sensors, and 
video motion detection systems. 

Penetrating the airport perimeter is one form of attack to consider, but equally 
important are threats that occur just outside of the airport’s perimeter fencing, 
such as an RPG attack, an aerial IED, or an automatic weapon attack on an 
aircraft that is taking off or landing. In 2004, new phenomena highlighted these 
off-airport threats when several individuals thought it would be fun to shine laser 
lights into the cockpits of aircraft landing at airports. The lasers temporarily 
blinded the pilots. There was speculation that terrorists could exploit this use of 
lasers. However, the laser lights created more of a safety issue than a viable 
terrorist threat. 

On landing, a civilian aircraft is operating “low and slow,” just above its stall 
speed and in a vulnerable state. It cannot maneuver as well as it can at higher 
speeds as the aircraft may stall completely, with little distance between the 
aircraft and the ground. Pilots must also deal with winds, lightning, and other 





6Certain regulations under Title 14 CFR Part 139 prohibit objects from being constructed near 
runways. Additionally, fencing that is between a runway and a large body of water could inhibit 
fire/rescue personnel from accessing an aircraft that has slid off the runway, through the fence, and 
into the water. The fencing acts as a metal net wrapped around the fuselage, thereby requiring 
aircraft rescue firefighting crews to use bolt cutters, under water, to open escape paths for the 
aircraft occupants. 
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elements while landing. Being fired upon by an RPG or being shot at by attackers 
on the ground with high-powered weapons creates a situation that could easily 
cause the pilots to lose control of the aircraft or cause the aircraft to crash 
immediately. 

The effectiveness of using an RPG against an aerial target was demonstrated in 
1993 over Somalia as militiamen downed two US helicopters in what is known as 
the Black Hawk Down incident. RPGs are widely available and in use around the 
world, most notably in Afghanistan and Iraq where they are used effectively against 
aerial and ground targets. An attacker off-airport could fire an RPG from the back of 
a truck, a boat, or from a position of concealment and quickly disappear. 

Although an RPG does not have a seeker capability, as a MANPAD does, a 
civilian airliner makes for a stable target because of its well-established flight 
path. Thus, the nature of the target increases the possibility of a successful hit 
from an RPG. An RPG can be fired at aircraft on the tarmac, either parked or 
taxiing. The high explosives carried by an RPG would certainly be capable of 
destroying an aircraft on the ground if it hit the right location. 

One other potential standoff attack has been brought up in the media, but its 
actual use remains in question. In Iraq, some observers have discussed the use of so- 
called aerial IEDs. An aerial IED is a shaped-charge explosive that is placed along 
the known flight paths of a helicopter. When the helicopter flies over the IED, the 
IED is detonated, sending a cloud of shrapnel into the flight path. The helicopter 
quickly ingests the shrapnel, causing the engine to flame out at a high speed and low 
altitude. The helicopter crashes before the crew has time to react. With the known 
flight paths around an airport, this type of device could be very effective. 

In response to standoff attacks, video detection technology combined with 
security and law enforcement patrols may be effective deterrents. Aviation secu- 
rity practitioners should also work with adjacent law enforcement communities 
and Neighborhood Watch programs to enlist the eyes and ears of the surrounding 
communities in watching for suspicious activity. 


AIRCRAFT ATTACK: MANPAD 


Since 9/11, a great deal of attention has been focused on the SAM threat. Known 
as MANPAD systems, which distinguishes them from vehicle, vessel, or land-based 
air defense systems, they can be launched by one person to strike an aerial target at 
altitudes up to 18,000 ft. They do not need to be fired near an airport to hit an air- 
craft, as long as the aircraft is within the threat envelope of the missile. 

In 2003, Secretary of State Colin Powell stated that there is no threat more 
serious to aviation than MANPADs (Beveridge, 2003). The Taliban definitely 
believed in the effectiveness of MANPADs, particularly US-built Stinger missiles, 
so much that the Stinger is considered largely responsible for turning the tide of 
the war in Afghanistan against the former Soviet Union. 

Present-day MANPADs are heat-seeking missiles, although some radar homing 
and laser beam “riding” SAMs are being developed, and there are radar homing 
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FIGURE 11.2 
Components of a MANPAD. 





From Department of State. 


SAMs that can be launched from a vehicle or vessel (Fig. 11.2). MANPADs are 
individually launched from a person’s shoulder; some missiles explode only on 
impact, whereas others can explode when in the proximity of a target. 

Depending on the version, MANPADs can reach speeds of Mach 2 and 
altitudes up to 18,000 ft. MANPADs offer a method of attack that works well 
with the goals and operating strategies of al-Qaeda. Terrorist organizations try to 
kill and destroy in impressive yet simple ways. A MANPAD offers the ability to 
do both—it creates a spectacular attack that is relatively inexpensive and highly 
lethal. It is also difficult to detect and defend against a MANPAD attack. 

Another challenge to the MANPAD threat is that it does not have to be fired on an 
airport or even near an airport to ensure a hit. A RAND study concluded that the 
envelope for firing a MANPAD was 870 square miles around Los Angeles 
International Airport (Chow et al., 2005, p. 14). Furthermore, protecting civil aviation 
from a MANPAD attack is an issue not just for US airport operators but for aircraft 
operators conducting operations throughout the world. Today, it is more likely that a 
missile attack would be conducted outside of the United States rather than within. 

Since 9/11, there have been two notable MANPAD attacks. The first was on 
an El Al charter flight departing Mombasa, Kenya, and the second was on a DHL 
cargo flight departing Baghdad, Iraq. In the first incident, the missiles missed the 
charter flight. In the second, two missiles were fired. The first one hit and caused 
significant damage to the aircraft, but the pilots were able to land that plane and 
survive the incident. Historically, in 35 attacks on commercial airliners, 24 have 
been brought down. However, most of those were smaller turbo-prop, piston 
engine, or helicopter aircraft. In the five known attacks on jets, only two were 
brought down (Chow et al., 2005, p. 5). 
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Other factors to consider in relation to MANPADs are whether an attacker can 
actually hit the target and whether the missile with a small warhead (<5 Ibs) can 
cause enough damage to take down a large commercial airliner. Although a 
MANPAD may be fired from virtually anywhere, there are environmental factors 
that can contribute to the success or failure of the shot. Ideally, terrorists want 
favorable terrain and predictable flight paths, both of which exist around a 
commercial service airport. 

A missile can be deterred by providing its tracking sensors (seeker head) 
with something else to chase or by confusing its sensors. With the seeker 
head not knowing which direction to go, the missile “goes stupid” and either 
self-destructs or falls to the ground. Antimissile technologies used to protect 
aircraft include flares, laser jammers, and high-energy lasers. Flare systems 
were tested in the United States, but there are safety issues with putting 
flares on commercial aircraft. Commercial laser jammers are being developed 
that are both aircraft based and ground based. The aircraft-based systems are 
being adapted from military antimissile systems, but they cost about $1 million 
per airplane. 

Airport security officials can assist with MANPAD prevention efforts. In 
2003 and 2004, security officials and other private organizations conducted 
research at the nation’s airports to determine the most advantageous locations 
from which to fire a MANPAD. These results were released to airport operators 
to assist security and law enforcement agencies in the surveillance of these 
locations. 

Many of the statistics on the threat of MANPADs to civil aircraft show a low 
probability of success, and even a low probability that an individual will attempt 
such an attack in the continental United States. However, US aircraft have contin- 
ually been targets of terrorists throughout the world, so the possibility exists that 
a US aircraft could still experience a missile attack, while flying to or from a 
foreign destination. 


EMERGING ASYMMETRICAL THREATS 


Asymmetrical threats include threats that either have not occurred against aviation 
or have occurred against aviation and are highly irregular, such as attacks using 
chemical weapons, cyber-attacks, and attacks using GA aircraft. These types gen- 
erally fall outside the normal threat paths familiar to aviation security 
practitioners. 


CHEMICAL/BIOLOGICAL/RADIOLOGICAL/NUCLEAR ATTACKS 


CBRN is an acronym describing chemical/biological/radiological/nuclear forms 
of attacks, and all four are generally considered WMD. Investigations have found 
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that both domestic and transnational terrorist organizations have formed plots to 
use chemical and biological weapons. A few examples of these plots are as 
follows: 


1. In 1985, federal law enforcement authorities discovered that a small 
survivalist group in the Ozark Mountains of Arkansas known as the Covenant, 
the Sword, and the Arm of the Lord had acquired a drum containing 
30 gallons of potassium cyanide, with the apparent intent to poison water 
supplies in New York, Chicago, and Washington, DC. 

2. In 1992, German police thwarted the release of cyanide in a synagogue by 
neo-Nazis. 

3. In 1995, the FBI thwarted a possible sarin attack at Disneyland. 

4. From April through June 1995, there were several copycat attacks in Japan of 
the Aum Shinrikyo attack, using cyanide, phosgene, and pepper spray. 

5. In May 1995, a member of the Aryan Nation was arrested for ordering plague 

bacteria. 

. In 1995, an Arkansas man possessing 130 g of ricin was arrested. 

. In 1997, two chlorine bombs were activated in a crowded shopping mall in 

Australia, injuring 14 and causing the evacuation of 500 shoppers. 


yO 


Chemical or biological terrorism has become more popular because of its 
heightened fear factor. It is difficult to detect, most often easily and anonymously 
spread by air, and requires extensive decontamination, rendering facilities 
unusable for long periods. Terrorists do not need large quantities of chemicals or 
biological agents, particularly if their target is in an enclosed space such as a 
shopping mall, convention hall, or airport. In fact, airports can be ideal targets for 
chemical and biological agents, as they are high-profile enclosed spaces where 
there are many people. 


Chemical 


A chemical weapon is any weapon that uses a manufactured chemical to kill 
people. Chemical weapons are broken down into five categories: nerve agents, 
blistering agents, blood agents, choking agents, and irritants. Aviation security 
practitioners should understand the symptoms associated with each and train 
first-response personnel on these signs. 

Chemical agents can be dispersed in a number of ways, but the most effective 
method is through the air. First responders arriving at the scene of a potential 
chemical attack may note patients in respiratory distress or patients with severe 
eye irritations, skin redness, or other symptoms. Unfortunately, eye irritation and 
distress can also be signs of smoke inhalation, shock, and numerous other 
situations that do not involve chemical warfare elements. Blistering, skin legions, 
tightening of the chest, and accumulations of fluid in the chest or larynx may 
indicate a chemical attack. 
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Biological 

Aviation security practitioners are at a severe disadvantage in defending against 
biological agents. The aviation system makes possible the rapid and widespread 
distribution of a biological agent once an infection has begun. Further, it may 
take several days before symptoms of an infection manifest, during which time 
thousands may have been exposed. The only way to detect an outbreak is through 
a clinical presentation, which is generally after the fact. The good news is that 
many biological weapons are difficult to manufacture, more so than chemical 
weapons. From a practical point-of-view, reducing preventable losses has a 
greater impact on reducing causalities than does reducing the possibility of an 
attack (Christen and Maniscalco, 2002). 

There are several types of biotoxins including botulinum toxins, ricin, saxi- 
toxin, anthrax, cholera, Ebola virus, and the plague. Some toxins are related to 
common food biological problems such as Staphylococcal Enterotoxin (food 
poisoning), Cholera, and saxitoxin, a biotoxin transmitted by shellfish. Ricin is 
produced by the castor bean plant and is available throughout the world; it has 
been used in assassinations. 

Biotoxins can have another impact on the aviation community, even if they 
are not used in a terrorist attack. The impact of SARS and the bird flu on the avi- 
ation community has been seen with periodic quarantines to certain countries. If 
such a disease were to break out in the United States, airport and airline managers 
could lose a large percentage of their workforce for several weeks until the dis- 
ease runs its course, during which time the ability to continue to provide for the 
security and law enforcement needs of the aviation community will be consider- 
ably diminished. 


Radiological 


A radiological dispersal device (RDD), commonly called a dirty bomb, combines 
a conventional explosive, such as dynamite, with radioactive material. Some have 
called this type of device a weapon of mass disruption, not destruction. At an air- 
port, such a weapon could shut down large areas of a terminal building for 
months, or years, and possibly even require the destruction of the contaminated 
portion of the facility. 

A variety of radioactive materials, including Cesium-137, Strontium-90, and 
Cobalt-60, are commonly available and could be used in an RDD attack. 
Hospitals, universities, factories, construction companies, and laboratories are 
possible sources. According to the Nuclear Regulatory Commission, the levels or 
radiation possible in a dirty bomb from these sources would not be sufficient to 
kill anyone or even cause severe illness. 

Certain other radioactive materials dispersed in the air could contaminate up 
to several city blocks, creating fear and possibly panic and costly cleanup. 
Prompt, accurate, nonemotional public information might prevent the panic 
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sought by terrorists. A second type of RDD might not involve an explosive but 
could be a powerful radioactive source hidden in a public place, such as a trash 
receptacle in a busy train or subway station where people passing close to the 
source might get a significant dose of radiation. Of particular concern to the DHS 
is the possibility that someone could attempt to bring a radiological device into 
the United States via aircraft, specifically a GA aircraft. To that end, the agency 
has deployed Customs and Border Protection (CBP) agents to scan incoming 
flights arriving at GA airports and in GA areas of commercial service airports. If 
they identify an aircraft that is emitting radiation, the airport operator must then 
handle the incident. 

First responders must be aware that radiation is invisible; may exist in a 
liquid, solid, or gaseous state; and that someone does not have to come into direct 
contact with a radioactive substance to be exposed to the effects of radiation 
(Christen and Maniscalco, 2002). How much exposure to radiation is too much is 
a subject of considerable debate, but generally, high levels of exposure will 
quickly lead to incapacitation of the nervous system, the breakdown of bone 
marrow, and, eventually, death. For first responders, the first priority when 
responding to an incident where an RDD has been deployed is to establish a large 
perimeter and administer to the medical needs of those affected. Individuals who 
have been exposed to radiation do not pose a threat to responders, but individuals 
who have been contaminated will represent a health threat to responders (Christen 
and Maniscalco, 2002). First responders and EMS providers should not bring 
those who are contaminated directly to a hospital emergency room unless the 
hospital has been notified in advance and has had time to establish a proper 
receiving area. Both victims and rescuers must be decontaminated before being 
released. 


Nuclear 


The 2004 presidential candidates, President George W. Bush and Senator John 
Kerry, both agreed that the biggest threat facing the United States is the availability 
of nuclear materials and the possibility that they will fall into the hands of terrorists 
and be employed as WMD (Ervin, 2006). In The Forgotten Homeland, Clarke 
et al. (2006) warned of the ramifications of a nuclear attack on US soil: 


A nuclear detonation in a U.S. city would have profound and severe 
consequences for national security. The ripple effects would quickly extend 
beyond the destroyed city and could topple the government as American’s 
could lose confidence in their government’s ability to protect them against a 
horrific weapon of mass destruction. (p. 177) 


Although there is a higher risk of a nuclear device entering the United States 
by sea (Ervin, 2006), the threat of nuclear weapons being employed in the United 
States against a major city is also of considerable importance to aviation security 
practitioners. A nuclear device could be delivered by a variety of methods (eg, 
truck, rail, maritime), but the risk of a nuclear device being placed on an aircraft 
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is significant. An aircraft can access areas that ground-based vehicles cannot. An 
aircraft can carry a nuclear device to an optimum detonation position that could 
ensure the widest dispersion of radiation, electromagnetic pulse, and blast wave 
pressure. 

There are many threats from nuclear devices to the aviation system. One is the 
use of an aircraft, most likely a GA airplane, to deliver a nuclear bomb to a US 
city or target. A nuclear device could also be loaded onto a commercial airliner 
via cargo and timed to detonate as the aircraft flies over a major city. Terrorists 
could use an aircraft as a WMD and attempt to crash into a nuclear facility (as 
hijackers attempted in Oak Ridge, TN, in 1972). 

Another consideration for airport security managers concerning a nuclear strike 
is the possibility that the device may be detonated away from the immediate airport 
area. In this situation, airport security coordinators and the airport management 
will most likely assume responsibility for disaster management at the airport. 
During a nuclear attack on a city, the airport will represent one of the primary loca- 
tions for evacuation and for acceptance of outside supplies. The airport may also 
become a location for city officials to regroup and coordinate disaster relief efforts. 
Airport security managers will be faced with trying to maintain a secure operating 
environment. Although it will certainly be awhile before normal commercial flights 
resume, security personnel need to be aware of further attempts by terrorists to 
destroy or disrupt evacuation flights or even additional conventional attacks on the 
airport itself. Airport security managers will also be faced with fulfilling these 
duties with reduced staff, as some may have perished in the nuclear attack. 
Remaining staff will likely suffer posttraumatic stress as they may have lost loved 
ones in the attack and from the sheer magnitude of the destruction. Fortunately, 
nuclear attack remains a nightmare scenario. However, if the airport is still opera- 
tional, as we have seen in numerous natural disasters, people will migrate to the 
airport for shelter, food, medical care, and a sense of order that someone is still in 
charge. 


THE FUTURE IS HERE: INSIDER THREAT, DIRECTED-ENERGY 
WEAPONS, AND CYBER-ATTACKS 


While some futuristic attacks, such as cyber-attacks, drones, and directed-energy 
weapons, are truly unique to aviation others are simply a resurgence of threats 
that have long been part of aviation security’s history. 


Directed-energy weapons 


A disturbing trend has occurred in the past 10 years that affects both aviation 
safety and security issues—the use of lasers pointed at aircraft cockpits. The 
result is a light show within the cockpit, which distracts the pilots at best, and 
when the pilots are hit directly with the laser, temporary blindness and permanent 
eye damage can occur. Finding perpetrators is extraordinarily difficult; in 2011, 
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the FAA said that it pursued legal penalties against 28 people for pointing lasers 
at airplanes, but in that same year, over 2800 laser pointing incidents were 
reported by pilots (Laing, 2012). 

An FBI memo stated that al-Qaeda had explored lasers as a weapon, including 
a possibility of lasing aircraft cockpits to interfere with pilots’ ability to operate 
their aircraft safely. The most vulnerable portion of a flight to such an attack is in 
landing (Bertolli and Pannone, 2012). Aircraft have been lased many times both 
before and after 9/11. In one incident a Russian vessel was suspected of lasing a 
US military aircraft, resulting in pilot eye injuries; two US helicopter pilots suf- 
fered eye injuries in Bosnia after lasers were aimed at them from the ground; and 
North Korea is suspected of using the Chinese-made ZM-87 military lasers on US 
helicopters in the Korean demilitarized zone (Bertolli and Pannone, 2012). The 
ZM-87 lasers have the capability of flash-blindness and even tissue damage 
at 10 km (over 6 miles). Nonmilitary incidents include uses of lasers at landing 
aircraft cities throughout the world, as well as lasings of police helicopters 
(Bertolli and Pannone, 2012). 

While most people are familiar with the lasers used in presentations, there is a 
large market for commercial lasers, which are much more powerful. These 
are used in home improvements as distance measuring tools and in medical, 
scientific, and industrial applications. As early as the mid-1990s the Japanese 
Aum Shinrikyo cult failed in its attempt to use a laser weapon against police, and 
there have been attempts by Mexican drug cartels and foreign militaries to use 
lasers, also referred to as directed-energy weapons. 

While lasers that can actually do physical damage to an individual presently 
remain the domain of the military forces and are still in development, stand-alone 
directed-energy weapons, such as the Chinese ZM-87 laser blinder, are in use to 
disrupt and blind cameras and other electro-optical equipment, or even start fires 
at long distances (Sloan and Bunker, 2011). Directed-energy weapons are often 
used in conjunction with traditional firearms to blind responding forces or their 
weapons and equipment. 

The threat to aviation from directed-energy weapons is clearly the danger of 
blinding the pilots, which itself is hazardous enough, but when combined with a 
follow-up RPG or SAM attack, puts the pilots in a highly disadvantageous posi- 
tion to take evasive action. Also, should a terrorist group acquire a military-grade 
blinding laser, it could be used in an active shooter scenario to blind passengers, 
first responders, and CCTV cameras, making an effective response difficult. 


Unmanned aerial vehicles 

Another new form of attack is the use of remotely operated weapons, which are 
used by the US military in static, ground robot, or unmanned aerial vehicles. The 
cellular communication networks and even Wi-Fi networks allow communication 
with the bomb or weapon, which can be detonated or fired remotely, giving 
terrorists a standoff capability. The success of the IED attacks throughout Iraq 
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and Afghanistan point to the effectiveness of such weapons, however, many 
civilian facilities and vehicles are not equipped to handle such attacks. 

As an example of these new types of threats, in 2012 a Massachusetts man 
admitted to plotting to attack the US Capitol with remote-controlled model 
airplanes filled with explosives (NBC News Wire Services, 2012). He was 
arrested after taking delivery of plastic explosives, hand grenades, and six assault 
rifles from undercover FBI agents that he believed were members of al-Qaeda 
(NBC News Wire Services, 2012). Part of his plan was to blow up the Pentagon 
and US Capitol using remote-controlled planes and to kill American soldiers in 
Iraq and Afghanistan using IEDs detonated by modified cellphones (NBC News 
Wire Services, 2012). Experts said that it would be nearly impossible to inflict 
large-scale damage using model planes, but the man did manage to construct an 
IED device that was given over to undercover FBI agents who lied and told the 
man that the device was successful in killing US soldiers in Iraq. 


Insider threat 


The additional threat here points to the fact that a US citizen was “radicalized” 
into taking actions against the United States. This is indicative of a new type of 
threat—US citizens. One of the main defenses against attacks in the United States 
is the protection provided by our border and transportation security agencies: 
CBP, Immigrations and Customs Enforcement, the TSA, and the US Coast 
Guard. However, when the attacker is already inside the country, combined with 
knowing how our nation operates, our culture, our values, and our protections 
under the Constitution, this provides a context within which to operate. One of 
the most difficult types of attack to stop and respond to is a contextual attack, 
where attacks and attackers mimic their surroundings (Sloan and Bunker, 2011). 
These types of attacks have the lowest probability of being viewed as an anomaly 
or threat as the individual is within the context of his or her surroundings in terms 
of dress, ethnic profile, mannerisms and behaviors, cover stories, and actions 
(Sloan and Bunker, 2011). 

A disturbing demonstration of the effectiveness of a contextual attack is the 
Colorado theater shootings in July 2012. The individual entered the theater wear- 
ing a mask, helmet, and protective gear, which in any other film would be cause 
for concern, but the film playing was Batman: The Dark Knight Rises, and it was 
not unusual for some theatergoers to show up in costume. In fact, several early 
press reports quoted individuals who were inside the theater as saying they 
thought the individual was part of a stunt, or that the man was simply in costume. 

Anwar al-Awlaki was a radical American-born Muslim cleric, who was raised 
in New Mexico and attended Colorado State University, and who was, for a period 
of time, al-Qaeda’s chief propaganda agent. With his understanding of Western cul- 
ture and the media, he was able to carry the message of violent jihad against the 
United States over the Internet, through online lectures. In an article in The New 
York Times, al-Awlaki was called possibly the most prominent English-speaking 
advocate of violent jihad against the United States (The New York Times, 2012). 
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al-Awlaki is linked to the US Army psychiatrist accused of shooting 13 people at 
Ft. Hood, TX, Umar Farouk Abdulmutallab (the underwear bomber), and Faisal 
Shahzad who attempted to set off a car bomb in Times Square in 2010 (The New 
York Times, 2012). 

al-Awlaki was killed by a Hellfire missile, fired by a CIA-operated Predator 
drone in Yemen in September 2011. The strike set off a debate as it represented 
the first time since 9/11 when a US citizen had been deliberately targeted and 
killed by American forces. Also killed in the attack was Smir Khan, another US 
citizen born in Pakistan who was traveling with al-Awlaki. Kahn was the editor 
for the online jihadist magazine Inspire (The New York Times, 2012). A month 
later, al-Awlaki’s son, who was born in Colorado, was killed in another drone 
strike in Yemen. 

Interestingly enough, in an old article published back in 2001, shortly after the 
9/11 attacks, the FAA noted that it is “likely” the organization that staged the 
attacks, “has sought or will seek to place members in position at airports to 
facilitate future attacks, or that it will attempt to co-opt individuals already in 
such positions” (CNN, 2001). The article referenced the new requirements for 
aviation employees to undergo the fingerprint-based criminal history record 
checks. Combined with the recent attacks or attempted attacks by US citizens and 
gaps identified by the DHS Office of the Inspector General in the credentialing 
process, this represents a weakness that aviation security practitioners should 
continually seek to resolve. 

Attacks from within the aviation community are the most difficult to deter as 
insiders—including pilots, flight attendants, airport workers, and airline staff—have 
access throughout much of the aviation system. Many of the security layers in place 
to prevent outsiders from successfully attacking aviation can be bypassed through 
the normal course of business for an aviation employee. In 2007, an airport worker 
in Miami, FL, was arrested for smuggling large quantities of firearms onboard com- 
mercial airliners, and in 2015, airline workers were arrested for smuggling weapons 
inside the holds of commercial aircraft. Insiders may attempt to sabotage aircraft or 
circumvent airport access control systems to facilitate an attack. Fortunately, there 
have been few cases where an airline mechanic has sabotaged an aircraft resulting 
in it crashing. With the forensic abilities of the National Transportation Safety 
Board and the FBI, any such attempt would certainly be traced back to the perpe- 
trator. However, numerous other workers do have daily access to aircraft, thus secu- 
rity practitioners must remain on the alert for this threat. 

In regard to the potential for an aviation employee to introduce a bomb to an 
aircraft through air cargo or directly onto the aircraft, there are presently programs 
that require random screening of airport workers by TSA personnel. Additionally, 
three airports in the United States have created their own employee screening pro- 
grams, while several others have or are in the process of establishing employee 
inspection programs. Employee inspection programs are more random in nature 
and count more on deterrence and the threat to an adversary who may get caught 
while attempting to commit the act by one of these random inspections. 
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There are also requirements to screen items that vendors and caterers bring 
onto the airfield and aircraft. With several instances of airport workers in the 
United States and historical evidence that aviation personnel have previously 
been involved in criminal or terrorist acts on aviation, at the very minimum, an 
employee inspection program should be implemented. 

Many individuals at airports require frequent and repetitive access through the 
screening checkpoints and in and out of the security areas to perform their job 
functions. Airport police, firefighters, emergency medical personnel, airport 
operations, and certain maintenance and security personnel should be excluded 
from the screening or inspections. In lieu of screening, these individuals should 
undergo thorough and periodic background checks that are required to receive an 
access/ID badge. This type of screening could include an extensive reference 
check, a polygraph, or other background check similar to those conducted when 
issuing a military clearance. 

Just as police officers are thoroughly vetted and entrusted to wear a firearm 
and make arrests, the operational realities of an airport demand that some level of 
trust is provided to certain aviation workers to keep the system operating 
smoothly. Although police officers and others with security clearances and special 
access have been found guilty of using their privilege to commit crime, trained 
security professionals can employ numerous practices to ensure that those who 
are trusted remain trusted. 


GA aircraft 


Another potential threat from within the aviation system lies in the GA commu- 
nity. As previously discussed, GA aircraft are more accessible than commercial 
service aircraft. However, the majority of GA aircraft serve as inferior tools for 
destruction. With the exception of large business jets, most are too light and do 
not carry enough fuel onboard to make them an effective weapon.’ 

The most damaging threat from the use of GA aircraft would probably result 
from the use of a large corporate aircraft or light GA aircraft filled with explosive 
material or a CBRN agent and flown into a ground target. In a study conducted 
by the US Office of Technology Assessment, the agency estimated that a small 
private plane, on a windless night, loaded with 220 lbs of anthrax spores and 
flying over Washington, DC, could kill between | million and 3 million people 
and render the city uninhabitable for several years (Christen and Maniscalco, 
2002). Other studies have looked at the impact of a small aircraft filled with 
several hundred pounds of conventional explosives crashing into an open-air 
sports stadium. The immediate impact would result in many lives being lost, but 
the resulting panic would continue to take the lives of others as spectators scram- 
ble away from the flames. Local hospitals and burn centers would quickly be 





7Cases of this scenario include the intentional crash of a Cessna 172 into a Tampa, FL, bank build- 
ing in 2002 and the accidental crash of a Cirrus aircraft into an apartment complex in New York 
City in 2006. 
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overwhelmed, resulting in more casualties as people waited for treatment. Some 
studies have estimated the loss from such an event to be in the thousands, and 
most certainly in the hundreds. 

If a GA plane were used to create mass destruction, the resulting flight restric- 
tions and congressional lawmaking would probably cause the economic demise of 
GA. The cost of flying GA aircraft would increase significantly. There would be a 
resultant impact as fewer young people pursued aviation as a career, causing the 
pipeline for airline and military pilots to diminish. The cost of operating GA 
businesses and airports would escalate, forcing many GA airports to close. The 
business flights that would normally use GA airports would be forced to switch to 
commercial service airports, increasing congestion and flight delays. 


Cyber-attack 


Cybersecurity continues to be a growing concern among companies and governments 
throughout the world since technology and methods of attack evolve rapidly. 
Gemalto, a digital security corporation, notes that in the first 6 months of 2015, over 
888 data breaches occurred, compromising 246 million records worldwide. One of 
the largest breaches occurred on Anthem Insurance exposing 78.8 million records. 
One of the most notable breaches occurred when the US Office of Personnel 
Management’s system was breached, exposing 21 million records. 

In 2015, cybersecurity researcher Chris Roberts was removed from a plane 
after joking on Twitter about his ability to hack into the plane’s entertainment 
system, and noting that he could now actually manipulate the flight controls. He 
was subsequently investigated by the FBI and banned from flying on the airline 
(Zetter, 2015). While Boeing, United, and FAA officials all denied that Roberts 
could have accessed the flight control computers, the question remains whether 
he could have. With the advent of the upgrade of the air traffic control system to 
a GPS-based navigation (instead of radar), would he (or others) be able to hack 
into the system in the future? 

Most travelers know that commercial aircraft are mostly on autopilot, with the 
pilots actually taking control during takeoff, landing, turbulence, or emergencies. 
Aircraft systems today are computerized and networked, and when a pilot pulls 
back on the stick, or pushes forward, the pilot is more or less making a suggestion 
to the computer about what the pilot wants to do. In-flight navigational and 
communication systems are also tied together creating, in effect, an on-board 
networked environment. So far, that environment has been safe from hackers, 
unless someone were actually on board and could somehow tie into it. However, 
the question of what will happen when the industry completely integrates 
NextGen? into the nation’s air traffic control system remains to be answered. 
What was once a stand-alone network (the airplane) will be connected to a 





8NextGen is the ongoing transformation of the FAA’s complex air traffic control, radar, navigation 
and weather-prediction systems, from stand-alone equipment, to highly integrated and interdepen- 
dent computers and digital networks. 
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complex weather, communications, and navigational system that ties computers, 
air traffic control facilities, and aircraft from all over the country, together. 

In the fear-driven solutions that were proposed immediately after 9/11, some 
proposed that a system be put in place on commercial aircraft so that if hijacked, 
the aircraft could be taken over from the ground and flown safely to an airport. 
The idea was mostly academic at the time, but NextGen may make it possible, 
which opens up the real possibility of someone on the ground hijacking an aircraft 
if the individual can penetrate the network and connect to the aircraft’s navigation 
or flight-control system. 

In 2015, the GAO released a report indicating that while the FAA has taken 
some steps to protect its ATC system from cyber-based threats, significant security 
weaknesses remain that threaten the FAA’s ability to ensure the safe and uninter- 
rupted operation of the national airspace system (GAO, 2015). Further, the GAO 
notes that as modern aircraft are increasingly connected to the Internet, which can 
potentially provide unauthorized remote access to the aircraft avionics system, the 
FAA’s Office of Safety, which certifies interconnected systems, must be a part of 
the FAA’s Cyber Security Steering Committee—it presently is not. The FAA is 
also falling short of meeting NIST standards requiring modeling to identify poten- 
tial threats to information systems, and they have not adopted changes to NIST 
security controls to align with standards for intrusion detection systems. 

In 1983, President Ronald Reagan was relaxing at Camp David and watching 
the evening’s feature movie, Wargames. The movie stars Matthew Broderick as a 
teenage whiz-kid, who hacks into the main computer at NORAD, the North 
American Aerospace Defense Command. Reagan asked his advisors if such a feat 
could really be done, and he was shocked at the answer—yes (Kaplan, 2016, p 1). 
Recently, shortly after a speech by President Obama, on reform of the National 
Security Agency, a massive cyber-attack was launched against the Palazzo hotel- 
casinos on the Las Vegas strip. The assault destroyed hard drives in thousands of 
servers, PCs, and laptops, but not before stealing thousands of customers’ credit 
card information, along with social security numbers and other data. The attack 
was traced to the Islamic Republic of Iran. The age of cyber warfare is here, and 
all aviation security practitioners must educate themselves and establish defenses 
to protect against such attacks on aviation. 


INFRASTRUCTURE 


Attacks on the critical infrastructure of the country relate to the aviation community 
in a variety of ways. Aviation and airports are considered critical infrastructure, 
along with the communication channels needed to interact with aircraft in flight. 
Ervin is the former inspector general for the DHS and states: 


Certain sites and sectors are defined as “critical infrastructure” because their 
functionality is necessary to the security, prosperity, and psyche of a nation. 
The Administration has designated the following sectors as critical 
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infrastructure: agriculture and food, water, public health, emergency services, 
the defense industrial base, telecommunications, energy, transportation, 
banking and finance, chemicals and hazardous materials, postal and shipping 
services. In addition, certain national monuments and icons such as the 
Washington Monument and the Statue of Liberty, certain government facilities 
and certain private buildings are defined as “key assets” because they are 
likewise critical to the psychic well-being and stability of the nation. 

Ervin, 2006, p. 145 


An attack on a power plant could leave an airport without the power necessary 
to distribute to air traffic control, runway lighting access control, and CCTV 
systems. Most commercial service airports and some GA airports have backup 
generators for essential areas, such as air traffic control and runway lights. 
However, these generators are normally not capable of running the remaining 
areas needed for an airport to function, such as heating and air conditioning, light- 
ing for the terminal buildings, and power to the baggage movement and security 
screening systems. Much of the US infrastructure, including air traffic control, 
emergency first responders, the financial sector, and airport security systems, rely 
on computers. A cyber-attack could produce devastating results to these and 
many other systems. Much of the world’s air traffic control system is based on 
computer information and communication systems. 

Within the digital age, the protection of computer systems is essential. Police, 
fire, and EMS agencies are notified and dispatched through the telecommunica- 
tions systems and through computer-aided dispatch computers with satellite 
information systems. According to the 2000 Computer Crime and Security 
Survey, 90% of respondents, mostly large corporations and government agencies, 
detected computer security breaches within a 12-month period (Christen and 
Maniscalco, 2002). There has been a long history of attacks on computer systems, 
within both the government and the private sector. The US DOD now includes 
information warfare as the fourth battlefield, joining land, sea, and air. 

In The Edge of Disaster, Stephen Flynn (2007) provided four suggestions for 
protecting critical infrastructure. These suggestions are also helpful for protecting 
against cyber-attacks. 


1. Constructing physical defenses, such as cement barricades, target hardening, 
access control systems, standoff distances, and so on. 

2. Providing redundancy, such as backup computers and data files (located 
offsite), or supplemental systems that automatically start when primary 
systems fail. Redundancy in facilities and other infrastructure that are easily 
accessible to security personnel should be considered. 

3. Rapidly repairing damage. A quickly reparable system or other form of 
infrastructure is less valuable to terrorists and criminals. 

4. Reengineering to improve security by relocating infrastructure or systems to 
safer areas. Reengineering also includes designing resiliency into structures 
and systems. 


Counterterrorism: Terrorism Defense Planning 


Ultimately, protecting the aviation system from asymmetrical attacks will take 
foresight and action before an attack occurs. Aviation security practitioners should 
assess the areas that would be impacted by the various attacks noted here and 
develop contingencies for such attacks. 


COUNTERTERRORISM: TERRORISM DEFENSE PLANNING 


This section discusses the methods and options for aviation security practitioners 
to use before, during, and after a security emergency. It is largely based on 
published emergency management models and the National Incident Management 
System (NIMS). Airport security personnel along with law enforcement and other 
emergency workers are expected to be trained in the NIMS functions. To benefit 
fully from this section, it is recommended that you complete the NIMS training 
modules available at www.fema.gov. 


EMERGENCY MANAGEMENT CYCLE 


There are three elements to the emergency management cycle: mitigation/ 
preparedness, response, and recovery. 


Mitigation/preparedness 

The mitigation phase encompasses the actions taken to either prevent an attack or 
mitigate the effects of an attack. Mitigation strategies as they relate to the aviation 
security function can include the following: 


1. Conducting threat and vulnerability analyses of facilities and infrastructure. 

2. Reinforcing structures such as the terminal building, installing safety glass, 
and locating parking away from the terminal building or airline 
administrative offices. 

3. Monitoring new hazards and intelligence information. 

4. Keeping abreast of security activity through industry publications, security 
newsletters, and communication with the federal security director. 

5. Following codes and ordinances (building and zoning, fire, and hazmat). 

6. Imposing financial penalties or offering incentives to airport tenants, aircraft 
operators, vendors, contractors, and employees who do not adhere to security 
rules. 

7. Consistently enforcing rules, inspections, patrols, and violation notices. 

8. Providing security awareness training for airport and aircraft operator 
personnel. 

9. Building partnerships and relationships with other airport tenants and 
emergency responders. 

10. Ensuring sprinkler and alarm systems are fully functional and have backups. 
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A critical mitigation function is the threat and vulnerability assessment. 
Aviation security practitioners should conduct a hazard identification to determine 
the full range of natural disasters and manufactured incidents that can affect their 
facility. Natural disasters can have a severe effect on security management. 
Outside resources should be identified as part of this assessment, along with their 
capabilities. 

Preparedness consists of leadership, training, readiness, exercise support, and 
technical and financial assistance to strengthen emergency workers and the com- 
munity as they prepare for disasters. Training, exercises, and acquiring the 
resources to support emergency operations are core functions of preparedness in 
an emergency operations plan (EOP). 

Once the EOP is drafted, it must be exercised. It is typical for airport operators 
to exercise only the hijack section of an EOP. Aviation security practitioners 
should also focus on exercising other elements of the plan, such as those related 
to a bomb threat in the terminal or onboard an aircraft, an armed assault in the 
terminal building, or an attempted penetration via the airport perimeter. Federal 
regulations require that EOP exercises are conducted at least once a year and that 
a full-scale exercise is conducted every third year. 


Response 


The response component of emergency management encompasses those actions 
taken during an emergency. Response begins when an agency is notified of an 
emergency and is usually characterized by the activation of the ICS. Response 
covers four stages: 


Alerting and notifying other emergency response agencies. 

Warning the public. 

Protecting citizens and property. 

Providing for the public welfare, followed by beginning the restoration of 
normal services. 


RO NS 


Recovery 


Recovery involves those activities that are necessary to restore normal operations. 
Recovery is divided into two phases: short term and long term. Short-term recovery 
often overlaps with the response phase as agencies begin to restore interrupted 
public services and reestablish transportation routes, such as resuming flights. 
Long-term recovery may continue for months or years while facilities are 
reconstructed and the impact of the event is analyzed. During long-term recovery, 
processes to mitigate future occurrences need to be developed. 

Another component of the recovery phase is financial assistance and recovering 
money and resources lost during the event. It is imperative that a careful accounting 
is made of monies spent, resources used, and personnel from outside agencies 
that provided assistance, so that insurance companies and the FEMA can provide 
adequate funds to cover losses. 


Conclusions 


NATIONAL RESPONSE FRAMEWORK? 


The National Response Framework (NRF) applies to natural disasters and terrorist 
attacks as defined in the Robert T. Stafford Disaster Relief Assistance Act.'° It 
can also be invoked when the US president determines that federal assistance is 
needed to respond to a local event. The plan applies to numerous federal agencies 
and the American Red Cross. FEMA has the responsibility for managing the 
response plan and for conducting federal preparedness, planning and management, 
and disaster assistance. 


NATIONAL INCIDENT MANAGEMENT SYSTEM 


In 2003, Homeland Security Presidential Directive-5 was issued, which directed 
the secretary of the DHS to develop and administer an NIMS. NIMS provides a 
consistent nationwide template to enable all governmental, private-sector, 
and nongovernmental organizations to work together during domestic incidents. 
NIMS lays out the basic concepts of incident management and includes compre- 
hensive sections on preparedness, resource management, communications, sup- 
porting technologies, and the ICS structure: operations, planning, logistics, 
administration, and command. 


CONCLUSIONS 


As threats from terrorist and criminals continue to evolve, so must our responses 
to those threats. Before 9/11, our defense strategies against terrorists or criminals 
remained essentially the same. Since 9/11, the progressive and unconventional 
methods of criminals, especially terrorists, have caused the aviation security 
industry to evolve in planning and implementing new security measures that can 
mitigate future attacks. 

As a result, aviation security is now a highly dynamic and complex system of 
layers containing policies, strategies, tools, and processes. We must now look to 
the future and use these resources to anticipate emerging threats. Our prime goal 
in aviation security is to employ security professionals who strive for maximum 
effectiveness in their areas of responsibilities. Above all, it is essential that 
aviation security professionals work toward the continuous development of 
sustainable methods and technologies that can detect, deter, and respond to exist- 
ing and new threats. 





°The NRP was renamed the National Response Framework. 
!ONRP is also known as the Federal Response Plan (Framework). It is more akin to a resource 
guide than a specific plan. 
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AIRPORT POLICING OPTIONS AND CAUTIONS 


Bernard J. Wilson 
Chief of Police (Retired), Los Angeles World Airports 


While the organizational options of this paper deal primarily with US airports, some of the 
cautions are applicable worldwide. 

In the United States, airport operators are responsible for supplying a trained and qualified law 
enforcement component as part of their aviation security responsibilities. Generally speaking, this 
comes down to making a choice between four options, with each of those containing a potential 
common trap. 


1. A dedicated airport policing organization, with full police training, authority and equipment, 
assigned to and under the control of the airport operator. 

2. Reimbursing the local city/county/state policing organization for assigning officers to the 
airport. 

3. Having Aircraft Rescue and Firefighting (ARFF) personnel cross-trained in law enforcement 
and security functions. 

4. A hybrid approach, where off-airport law enforcement agencies are reimbursed for limited 
staffing at airports, while an airport-only “police” organization is dedicated strictly to airside 
safety and terminal aviation security functions. 


When it comes down to choosing which of the options to use, the single greatest factor is 
rarely “best fit” or “optimum policing/security levels.” Instead, the focus is, all too often, on cost. 
After all, airports already have a lot of money tied up in security related expenses. Perimeter 
fencing, cameras, building design to accommodate passenger screening and luggage screening, 
access control systems, all of those cost money and none of them readily lend themselves to cost 
cutting. Meanwhile, a close read of the Airport Security Program requirements for LEO staffing, 
at first glance, leaves room for cost cutting. After all, the majority of the time, the airport 
functions quite well and LEOs are only needed for rare emergencies and response to passenger 
screening incidents when called by TSA. Or so it would seem. 

The reality is far more complicated. In addition to the TSA requirements, airport operators 
also need an internal security operation and absolutely need to ensure that airport users, including 
passengers, employees, and vendors, are in a safe and secure environment. 

When making the decision as to which staffing option to use, it might be helpful to consider 
this: of the four options given here, everyone except the first one will result in only a part-time 
approach to effective airport policing. This is not meant to demean the well-trained and dedicated 
officers from agencies representing the other three options. It is simply recognizing that officers 
assigned to a dedicated airport policing organization have their very careers at stake when they 
perform their duties. The airport is their “beat.” 

With off-airport agencies, the airport is simply one of many assignments in a career. At some 
airports using this concept, it is not unusual to see a new commanding officer report to the airport 
assignment, not knowing anything about aviation security, federal requirements, ICAO 
requirements, or how to fit his or her organization into the multifaceted airport community. Even 
after the passage of time, when that knowledge is acquired after gaining exposure and experience, 
the risk is always there that another assignment or promotion will beckon. 

Taking ARFF firefighters and overlaying additional security and police duties on them can 
also be problematic. In many cases, firefighters are already cross-trained as paramedics or EMTs. 
Is it wise to impose another professional discipline on them? Then, what happens if there is a fire 
or HAZMAT incident? In most cases, it is the police that provides perimeter control to the 
incident—how can that be done when the “police” are actually the responders to the incident 
along with the fire apparatus? Worse—if imposing another professional discipline on firefighters 
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was not bad enough already, what does that do to the fire supervisors, usually captains? The first level 
of supervision in the fire service provides direction and guidance in a highly technical field. The first 
level of supervision in policing does the same and provides expert guidance in a criminal justice field. 
Is it reasonable to expect fire captains to possess advanced fire technical knowledge, and advanced 
EMS knowledge, and advanced policing knowledge? Lastly, the typical fire 24-hour staffing model 
means that the actual monthly policing deployment of a cross-trained firefighter/police officer would 
be a fraction of the hours realized by a full time police officer. Think about it—there is probably a 
reason why we do not staff airport electrician shops with cross-trained plumbers! 

The final choice, the hybrid of some police plus some airport people for limited policing and 
security functions is probably the worst of them all, for one simple reason. In almost every case 
where this has been tried, the primary driving factor is cost. Even the training hours provided to 
the airport people augmenting the police has been diminished, resulting in “police officers” who 
have the title, but not the training to meet public expectations. 

Earlier, a potential trap was mentioned which could be applicable to any of the options. It is, 
unfortunately, a short-sighted yet attractive trap. Simply put, it is thinking that police officers 
assigned to airport functions somehow do not need full police training, or that aviation security 
training can be substituted for regular police training. This “give them just enough training, pay 
and equipment for the airport” approach is a trap that can lead to long-term problems and even 
tragic consequences. A better approach would be to give those police officers the same training, 
pay and equipment as off-airport agencies receive, then add the aviation security components to 
that. There is no way of knowing when an airport police officer might need what are mistakenly 
perceived as “non-airport related” skills. Domestic violence? Yes, that happens at airports. Child 
custody issues? Yes, in fact, there have been many cases involving parental child abduction that 
get noticed and resolved at airports. Thefts, assaults, murders, robberies all happen at airports. 
Perhaps not every day, but when they happen, they happen quickly and require immediate trained 
response by people equipped to deal with them. Then, of course, there are terrorist attack 
possibilities, which most certainly have happened and will happen at airports. If an airport police 
agency cannot adequately respond to an assault, or a robbery, what perception problems would be 
created in their ability to deter or combat terrorism? 

Every airport has its needs and its priorities, so every airport makes its own choice in this. 
When that choice is made, what would be better in the long run? Choosing the lowest cost option, 
providing to-the-letter compliance with federal security requirements? Or choosing the most 


professional option, providing the best levels of service, security and safety to the traveling 
public, addressing security requirements and reassuring travelers that public safety is paramount? 

A dictum to remember and take to heart is: Policing on the cheap is the “golden ticket” for 
opposing counsel trying to establish liability. You can pay litigants and their lawyers later, or you can 
pay up front for police professionalism as a matter of policy. In the long run, considering the world- 
wide impact of airport policing effectiveness or shortcomings, professionalism is usually the better 
bargain. 
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OBJECTIVES 


In this chapter, the methods and theories related to security operations, including 
airport policing, private security officers in the aviation environment, and security 
functions of airport operations and other personnel are described. Aviation 
security is a multilayered system, but at each airport, certain personnel are respon- 
sible for the day-to-day monitoring of, and response to, threats. Within the 
aviation environment, security and law enforcement personnel must also recog- 
nize that “airports mean business,’ which infers that there is an economic and 
public relations component, as well as a protection and response component. 


INTRODUCTION 


Being able to counter existing and emerging threats requires developing processes 
to detect and deter a threat. Implementing systems to respond to an exercised 
threat is also a required concern of aviation security. Some security practitioners 
consider that there is little difference between countering and responding to a 
terrorist attack as compared to more traditional criminal activities. The strategies 
for deterring, detecting, and responding to each are largely similar; the difference 
is primarily one of scale. 

Typically, traditional criminal activity produces limited damage or destruction 
to life and property. In contrast, a large coordinated terrorist attack conducted by 
highly trained individuals can cause far more damage and require larger response 
measures and longer recovery periods. As globalization and technologies enable 
knowledge and information to disseminate, terrorists are able to adapt to new secu- 
rity measures. Security practitioners must continuously be prepared to anticipate the 
capabilities of each new generation of terrorist. 





AVIATION POLICING STRATEGIES 


The motto, “Airports Mean Business” was once printed on the side of patrol cars at 
the Los Angeles International Airport in California. It is a reminder to the hundreds 
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of dedicated security and law enforcement personnel at the airport that while threats 
require an immediate response, how they enforce the laws and rules at the airport 
can impact the bottom line of the facility. It is a difficult job when they have to 
respond to a suspicious bag, as the cop inside of them says to evacuate, take no 
chances, and call in explosive ordinance disposal, while the airport manager inside 
of them has to mitigate that response with the likelihood that the unattended bag is 
probably not a bomb, and that any evacuation will shut down businesses, cause 
flight delays and cancellations, and have a lasting and exponential impact on the 
bottom line of not only the airport but tenants and air carriers. Also, the national 
airspace system police officers already have to make life and death decisions, often 
within seconds, but few have considered that their actions could impact the entire 
global aviation system. An action taken by a police officer in Los Angeles can truly 
have a butterfly effect in Beijing, China in a matter of hours. 

A significant part of the day-to-day concerns of airport security and airline 
security personnel focuses on routine crimes, such as theft and assault. Airports 
are in many ways similar to small cities. A major commercial service airport has 
its own police force, fire department, and emergency medical and first aid 
services. It has businesses, tenants, and thousands of stakeholders who are not 
necessarily passengers (eg, airport, airline, and government personnel; baggage 
handlers; fast-food workers; janitorial staff). Airports often host tens of thousands 
of transient passengers daily. Like any town or city, an airport must respond to 
its own criminal elements, both internal and visiting. Criminals are adept at 
exploiting vulnerabilities and whenever there are valuable goods for the taking, 
there will inevitably be criminal activities (Table 12.1). 

Property theft is by far the most prevalent crime at an airport and includes 
baggage theft, vehicle theft (from the parking lot or landside areas), and burglaries. 
Criminals rely on passengers being nervous. Although in unfamiliar surroundings, 
passengers will frequently leave their luggage unattended, which is the criminal’s 
desired outcome. 

Duane McGray, executive director of the Airport Law Enforcement Agencies 
Network (ALEAN), has written extensively on the differences between airport law 
enforcement and municipal police departments. McGray notes that municipal police 
departments focus on three primary areas—calls for service, violent crime, and 
public service—whereas airport policing involves more police service, physical 
security, and customer service: 


Urban police officers are frequently placed on the front lines in the war 
against drugs, violent crime and cultural diversity. The requirements of the job 
require personalities that tend to be adrenalin driven. Former military person- 
nel normally are well suited for the urban police culture. The paramilitary 
demands of the job tend to reinforce personality types who see themselves as 
warriors fighting on a domestic front. They believe they are the “Thin Blue 
Line.” Police departments have developed Special Weapons and Tactics Teams 
(SWAT), Street Narcotics Units and Tactical Patrol Units as tools to cope with 
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their challenges. Police are expected to be service providers, protectors, social 
workers, security guards, psychologists, baby sitters, sanitary workers and 
anything else needed at a given time. Airport law enforcement tends to deal 
more with white-collar crime such as credit card fraud, ticket fraud, pickpock- 
ets, and distraction thieves, employees of airport businesses who victimize their 
employers. The issues addressed by airport police tend to be commercial in 
nature rather than the violent crimes confronted by their municipal counter- 
parts. A very large component of airport policing is by nature devoted to 
public assistance, which is directed toward customers and therefore is more 
specific than generalized public service delivered at the municipal level. 
Expectations tend to be along the lines of traditional security roles. 

McGray, n.d., p. 15 


With the increased threat of terrorism in aviation, airport law enforcement 
personnel must be focused on terrorist surveillance and attack methods, and 
trained in counterterrorism methods such as suspicious awareness and active 
shooter. Whereas a report of a suspicious person for a municipal officer is a 
common occurrence that may not always receive the highest priority, a report of a 
suspicious individual at an airport may have more serious consequences. 


Table 12.1 Types of Crimes Experienced at Airports 


e Robberies of cash facilities such as banks and ATMs 


e Armed robbery of individuals and airport tenants outside of the sterile area, including 
in the parking lots 


Vandalism 

Pickpocketing 

Disturbing the peace 

Drunk and disorderly conduct 


Forgery of documents (primarily related to the application of an airport access/ID 
credential) 


e Theft from catering and supply trucks (often by employees) 
¢ Tool and parts theft from aircraft maintenance hangars (again, often by employees) 


e Possession of a prohibited item (either prohibited by federal law, as in trying to gain 
access through a screening area checkpoint, or prohibited by local statue) 
Solicitation, often in the form of unauthorized ground transportation providers such 
as taxicabs and limousine operators 

Prostitution 

Drug smuggling 

e Human trafficking 

Shoplifting 

Identity theft— usually in association with another crime such as stealing a laptop, 
personal digital assistant, cell phone, wallet, or purse 

e Rare: homicides, rapes, and kidnapings 
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Airport policing also requires a type of officer who is more aligned with 
protecting critical infrastructure, responding to security violations at the check- 
point and on inbound aircraft, and irate passengers (McGray, n.d., p. 16). At some 
airports, like Los Angeles International, airport police officers must be both 
airport-oriented and municipal-oriented as their jurisdiction extends into the 
immediate surrounding community. At the Port Authority of New York and New 
Jersey, Port Authority law enforcement officers were also cross-trained in aircraft 
rescue and firefighting and rotate assignments as first responders in both capaci- 
ties (the organization is informally referred to as “Guns and Hoses”). The 
PANYNJ has since ceased this cross-utilization of personnel, but they continue to 
train Port Authority officers in both areas. 

Airport police are often thrust into a customer-service role as uniformed police 
officers are often the most visible symbols of authority who passengers can 
approach for assistance. While attempting to provide customer service, airport 
police must also attempt to distinguish between a regular passenger and someone 
who may be a terrorist, mentally ill, or a wanted criminal. 

With the unique skill set required by airport police officers, the ideal officer 
may not be the one who recently graduated from the police academy and is look- 
ing for a lot of action (what police officers often refer to as “big badge” or “blue 
light fever”). Officers with good customer-service skills, good observation skills, 
and who can distinguish between threatening behavior and upset passengers can 
be effective candidates for airport policing. Airport police chiefs must also work 
to develop an organizational climate where police officers believe they are part of 
a larger team. While the airport police department is an important part of the 
entire airport organization, it is not more important than the other parts (McGray, 
n.d., p. 18)—airport fire responds to emergency situations to save lives as do air- 
port operations personnel. Airport maintenance personnel ensure the airfield is 
safe for landing and departing aircraft, while planners, engineers, IT professionals, 
and others all serve vital roles in the smooth, safe, secure, and efficient operation 
of an airport. McGray suggests a profile for recruiting officers who would do 
better in an airport, including: 


1. Selecting officers who have a demonstrated work history of customer service. 

2. Selecting officers with maturity and life experience. 

3. Match potential airport police officers with finding individuals who will fit 
into the organizational culture and become like family members, similar to the 
Southwest Airlines hiring model, where individuals are hired who can not 
only do the job, but fit into the corporate culture. 

4. Use personality tests to identify steady personality with excellent people 
skills, rather than thrill seekers. 

5. Using an interview process that ferrets out negative people. 


Another issue related to airport policing is the vulnerability assessment process 
and the prioritization of certain elements of the airport that should be more heavily 
protected, to ensure the safety of passengers and the continuity of business. 


Aviation Policing Strategies 


McGray implemented a model at Nashville International Airport in Tennessee, 
conducting extensive risk analysis and dividing the entire airport into three critical 
zones: the Red Zone, the Amber Zone, and the Green Zone (McGray, n.d., 
pp. 36—37). A formal program was then designed that included sworn and armed 
police officers and civilian security officer personnel to inspect the zones based on 
a formula aimed at setting priorities to protect critical assets. McGray’s airport 
critical zones are defined as follows: 


1. The Red Zone includes all assets critical so there is uninterrupted operation of 
passenger operations. 

2. The Amber Zone includes areas involving airport assets and infrastructure, but 
that are not critical to the airport’s core business, such as parking lots, general 
aviation (GA), and cargo areas. 

3. The Green Zone includes all airport-owned assets that have no direct impact 
on commercial passenger flights. 


Community-based policing is another strategy that McGray suggests as an 
important tool in both crime prevention and the fight against terrorist activity. An 
airport should have an effective Airport Watch program and working partnerships 
between airport police and tenants, which encourages training of personnel in 
basic security and crime prevention techniques such as landside vehicle operators, 
tenants, retail clerks, airline employees, screeners, etc., who can all become the 
eyes and ears of the airport. 

Security operations airport policing has often been compared to community 
policing. Community policing is a philosophy that supports the use of partner- 
ships and problem-solving techniques to address the conditions that give rise to 
criminal activity (Fennelly, 2012). A good community partnership is a collabora- 
tive agreement between law enforcement, individuals, and organizations in the 
community to develop solutions to problems and increase trust in the police. 
Translated to the airport environment, the airlines, airport management, tenants, 
vendors, contractors, and even passengers are all members of an integrated 
community and all have a vested interest in the protection against both criminal 
and terrorist threats (Fennelly, 2012). 

Community policing stresses proactive problem solving instead of reacting to 
problems, which makes it a perfect environment for the airport (Fennelly, 2012). 
One method of this, in terms of crime prevention, is to study calls for service or 
analyze patterns of criminal activity, such as theft in certain parking lots or work 
areas. This strategy can also be used by airport security personnel in analyzing 
security violations, such as doors left open repeatedly or excessive piggybacking, 
allowing the security department to focus on those trouble spots. Another example 
can be with particular tenants, such as contractors, who seem to have high 
levels of violations, which can point to a training, management, or contract per- 
formance issue. 

The SARA problem solving model is a common formula for solving problems 
in law enforcement agencies. SARA stands for scanning (identifying and 
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prioritizing problems), analysis (researching what is known about the problem), 
response (developing solutions), and assessment (evaluating the success of the 
program) (Fennelly, 2012). Underlying causes are also examined, leading to find 
positive impacts on a problem such as the total elimination of the problem, fewer 
incidents, less serious incidents, improved response to the problem, and shift of 
the problem to someone more able to address it, like a gang intervention unit or 
training or social programs. 

In addition to a community policing paradigm, airport security can also 
incorporate concepts from the crime prevention through environmental design 
(CPTED) body of work. The rationale behind CPTED is that there are five 
methods that affect the decision-making process of an offender or a potential 
offender (Fennelly, 2012): 


1. Increasing the effort needed to commit a crime (target hardening, access 
controls, screening, and reduce access ability for offenders). 

2. Increasing the risks of the crime (additional patrols and surveillance, closed- 
caption television (CCTV), reduce anonymity, and alarms). 

3. Reducing the rewards of the crime (conceal or remove targets of opportunity, 
identify property, disrupt trade of the illegal good, and deny benefits through 
the disabling of technology once illegally obtained). 

4. Reducing provocations (reduce frustration and stress, avoid disputes, reduce 
temptation and arousal, neutralize peer pressure, and discourage imitation). 

5. Removing excuses enabling crime opportunity (set rules, post instructions, 
alert conscience (roadside speed boards is one good example), assist in 
compliance, and control drugs and alcohol). 


SECURITY MANAGEMENT SYSTEMS 


Risk is a subjective concept that needs to be qualified on an individual basis 
(Sennewald, 2011). The risk management program quantifies, qualifies, and 
mitigates concerns for an organization, such as an airport or air carrier 
(Sennewald, 2011). In the aviation industry risk is a shared responsibility among 
airports, airlines, and the Transportation Security Administration (TSA). While it 
is an ethical responsibility of every airport security manager to conduct a vulnera- 
bility assessment, the TSA has also conducted a variety of other assessments 
locally, nationally, and even on specific types of attacks, such as surface-to-air 
missiles, and has developed response plans and contingencies. Airport and air 
carrier security personnel should be familiar with these contingencies and incident 
response plans to ensure they do not conflict with their own plans. 

The industry has been adopting safety management systems (SMSs) as a way 
to increase safety throughout the aviation industry. Although it is a relatively new 
term, another international concept that is slowly gaining widespread acceptance 
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is SeMS, security management system. Using the concept of SMSs, there are four 
elements to an SeMS: 


Security policy 

Security risk management 
Security assurance 
Security promotion 


DON = 


Each of the above elements relates to the fundamentals of risk management, 
which are risk analysis, risk assessment and tracking, risk mitigation, and risk 
reporting, but each have been rephrased in the SeMS vocabulary. 

Security policy is management’s written commitment to provide a secure 
environment. More than just a mission statement, this written commitment repre- 
sents, ideally, the provision of adequate funding and focus on security. One actual 
example where management has made a commitment to security and consistently 
follows up is the daily 8:30 am meeting at Boston Logan International Airport in 
Massachusetts, which is focused on security. 

Security risk management is the process of identifying potential risks, qualifying 
each risk as to whether it actually exists, determining the probability of it occurring, 
and determining its impact and the total effect. Once risks have been identified, this 
process seeks to either eliminate or reduce the potential of the occurrence or 
reduce the damage through the implementation of security measures. Vulnerability 
assessments are common tools to assess risk at the airport. 

Security assurance consists of conducting audits, tests of the system, and 
frequent reviews to determine systems and procedures are functioning correctly. 
The security audit process also includes enforcement and an anonymous reporting 
system. Enforcement tools, such as violation notices to employees for violating 
an airport security rule or regulation, and airport challenge programs where 
employees challenge others they see not wearing an airport access/ID badge, 
are good examples. Even better is the incentive-based challenge program where 
authorized members of the airport security department conduct random tests to 
determine if employees are indeed challenging. 

Security promotion includes both physical promotions, such as newsletters, 
posters, and other visual reminders, but also promotes the culture of security within 
the organization. The See Something, Say Something and Airport Watch programs 
are good examples. Qualifying the risk involves determining whether the facility 
has been prone to a particular type of incident in the past or whether there have 
been other occurrences of the same type at similar facilities. In the aviation sector, 
the significant risks are well documented (bombings, hijackings, etc.), but 
lesser crimes can also be assessed in this manner, and determining whether an 
airport or air carrier is likely to experience a significant attack can also be linked to 
whether other airports or aircraft are experiencing those types of attacks. For 
example, when a suicide bomber detonated a device within the terminal building in 
Moscow’s Domodedovo airport that could increase the risk to other airports of 
experiencing the same type of attack. 
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According to the American Society of Industrial Security’s (ASIS) General 
Security Risk Assessment Guidelines (ASIS, 2003), security assessments follow a 
nine-step process. Throughout these steps, risks are determined, assessed for their 
possible consequences and potential frequency, and mitigation and preparedness 
steps are taken. The assessment loop closes with reevaluation of the entire 
process. The process in the aviation domain must be viewed from a system’s 
perspective, with the additional knowledge that threats to aviation are often less 
associated with loss prevention, rather than with the loss of life or critical infra- 
structure to the United States. The steps are: 


Identify assets 

Specify loss events (types of hazards, human-made, natural) 

Determine the potential frequency of such events 

Determine the impact of the events 

Identify options to mitigate (ie, prevent, minimize damage, or accelerate 
recovery cycle) 

Determine the feasibility of options 

Perform cost—benefit analysis 

Decide which options to pursue 

Reassessment 
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ASIS recommends that the first step in any risk assessment is to develop an 
understanding of the people, the assets at risk, and the system in place (ASIS, 
2003, p. 6). Security personnel must understand that protecting an airport and 
aircraft is markedly different than protecting an office building, nuclear facility, or 
Department of Defense (DOD) site. An airport is effectively a building with a huge 
back door. Security personnel have limited control over who can access the airfield 
(ie, what aircraft land) and how those individuals have been screened or what 
materials or items they may be bringing into the facility. Additionally, an airport is 
designed as a throughput process, not a closed-loop. In many nonaviation-related 
site assessments it is typically not required that the assessor have a complete 
understanding of how the entire business functions. In the aviation domain it is 
critical to understand three key components: 


1. The purpose of the transportation system and how people, baggage, materials, 
and personnel enter and exit the facility. 

2. The layered security system and the ways that airports, airlines, and the TSA 
function symbiotically to protect a complex supply-chain system. 

3. The purpose of commercial aviation is to facilitate commerce, so policies and 
procedures that eliminate the ability of the system to perform its core function 
may achieve the result the terrorists are looking for with their attacks. 


Understanding the organization includes the assets: people, property, core 
business, networks, and information (ASIS, 2003, p. 6). The security practitioner 
must understand the hours of operation of the airport, including the early-morning 
and late-night cargo flights, and the various times of day that international traffic 
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departs and arrives along with the domestic flight banks. They must also understand 
the nature of the tenants, vendors, caterers, the GA facility, the fuel farm, and 
airline maintenance operations, along with any private facilities such as corporate 
or charter aircraft operations. 

The vulnerability assessment should include both traditional forms of aviation 
terrorism, bombings, hijackings, active shooter, and criminal activity. The vulnerabil- 
ity assessment should also take into account the history of previous incidents and 
occurrences, along with police reports, crime rates, and intelligence and information 
on threats and criminal activities. Upon identification, each risk must be assessed a 
potential consequence and a probability. The highest probable events with the 
greatest consequence should naturally be addressed first. There should be options to 
mitigate risk, such as more patrols, physical security measures, CCTV monitoring, 
and additional insurance. Cost—benefit analyses are then conducted on each 
measure, and measures are selected, implemented, and evaluated for effectiveness. 

ASIS suggests the use of formulas to determine the probability of an event, its 
consequences, its frequency, and so on. In the aviation domain, particularly with 
respect to terrorist activities, these models may need to be adjusted based more 
on the potential threat than on actual prior incidents. Had a risk analysis been 
conducted on the probability of individuals hijacking four aircraft and crashing 
them into structures, the probability and frequency would likely have been so low 
that mitigation steps would not even be considered. However, the fact that these 
types of attacks are now part of the national threat matrix reminds security 
personnel that even though the probability and frequency of a certain type of 
attack may be nominal, the consequences are significant and appropriate measures 
should still be taken, regardless of the outcomes of the formulas. 

Another component to an SeMS is the implementation of a daily airport self- 
inspection security procedure. Under Title 14 CFR Part 139, commercial service 
airports perform a variety of self-inspections to ensure the airport meets the regu- 
latory safety requirements. Considering that airport operations personnel, indivi- 
duals who are generally most familiar with the day-to-day operations of the 
facility, often conduct this self-inspection, it may be beneficial to provide them 
with a security self-inspection checklist. Airport police and security personnel can 
also use the list to supplement their patrols. 

The Part 139 self-inspection process includes four types of inspections: regular 
(performed at least once a day), continuous (performed any time they are in the 
airfield), periodic (detailed inspections of certain facilities, such as the fuel farm), 
and special (performed anytime there is an incident or condition other than 
normal operations, such as snow removal, wildlife on the airfield, or foreign 
object debris on the runway). 

The regular security inspection should include all areas of the airport perimeter, 
gates, and key access points, both in the airfield and within the terminal building. 
Screening checkpoints should be at landside loading and unloading areas, special- 
use areas such as GA and air cargo, US post office access points, employee access 
gates, loading dock areas, and any other area identified by a vulnerability 
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assessment. The regular security inspection checklist can start as a baseline but 
should be developed for each facility, keeping in mind that this type of inspection 
should only take a small part of time, not the entire shift. 

Continuous inspection items would include checking personnel for wearing 
the proper identification in the secure identification area (SIDA), monitoring 
construction activities to ensure individuals are staying within predefined areas, 
ensuring personnel without proper identification are being properly escorted, 
monitoring ramp-side passenger loading and unloading operations (typically in 
the regional/commuter area where passengers are accessing aircraft by walking 
across a ramp), and the observation of individuals moving through the facility. 

Periodic inspections, more likely conducted by security personnel rather than 
airport operations personnel, should include close inspection of the airport 
perimeter fence, gate operation, and other areas as defined in a vulnerability assess- 
ment that are critical to the operation of the security system. Special inspections 
should be conducted any time there has been a security breach of a checkpoint, 
door, or gate that accesses a security area; for reports of suspicious individuals or 
activities; and before the end of any construction activity for the day. International 
Civil Aviation Organization’s Standards and Recommended Practices provides a 
lengthy security audit checklist that should be consulted in the development of a 
security self-inspection program. 


AIRPORT CRIMES 


Airports also experience theft and a variety of other crimes. Airport theft primarily 
occurs in the terminal and concourse areas, at screening checkpoints, and in the 
parking lots. Many airport thefts are preventable opportunity thefts, which happen 
when victims have either left vehicles unlocked or left baggage unattended. Purses, 
laptops and other electronics, jewelry, credit cards, and cash are items commonly 
stolen from baggage. In addition to the vehicle itself, installed electronic equipment 
is commonly stolen in parking areas. Distraction crimes and unattended baggage 
crimes are common in terminal buildings. When passengers leave bags unattended 
or their attention is focused elsewhere, their personal belongings are at risk of theft. 


BAGGAGE THEFT 


Opportunities for baggage theft, particularly by aviation employees, are frequent. 
Airport and airline employees with sufficient time to search a bag’s contents can 
handle a checked bag multiple times. Because of the frequent theft of contents placed 
in checked baggage, passengers believe that if you do not want to lose it and it cannot 
be replaced, do not put it in checked baggage. Security regulations are requiring 
more items to be placed in checked baggage. Therefore, it is becoming increasingly 
difficult for travelers to protect their belongings. 


Airport Crimes 


Shortly after the airline liquid bomb plot was discovered in 2006 in London, 
the restrictions placed on items that could be carried onboard were so onerous 
that the amount of checked baggage increased by an average of 20% per airline 
worldwide. In Great Britain, where the carry-on restrictions forced travelers to 
check laptop computers, cell phones, and even car keys, the fallout by passengers 
was tremendous. Proprietary and confidential company information is often 
compromised when a laptop computer is stolen. The theft of cell phones and car 
keys can lead criminals to the homes and property of victims. At the very least, 
the theft or loss of car keys can leave a traveler stranded at his or her home 
airport. The increased value of the items left in lost luggage shortly after the 
restrictions went into effect caused a significant increase in looting by airline and 
airport workers (Rose, 2006). 

Employees within the airport infrastructure, including airline baggage handlers 
and security screening personnel, commit most baggage and cargo thefts. What 
makes detecting this kind of crime difficult is that these people have a legitimate 
need to access baggage, particularly security screening personnel who have the 
authority to open a bag if they believe that a physical search of the contents is 
warranted to ensure the security of a flight. Some examples of theft by aviation 
workers include: 


1. In February 2004, Toronto, Canada, police cracked a multimillion-dollar theft 
ring with more than a dozen airline employees being arrested for theft. The 
stolen goods included jewelry and electronic equipment. Before the theft ring 
was shut down, the criminals had sold approximately $500,000 in stolen 
goods through Web sales. 

2. In 2007, two baggage handlers in Seattle, WA, were arrested for stealing 
laptop computers, DVD players, and video cameras from passengers’ 
baggage. 

3. Theft by federal screeners, although rare, also occurs. More than 170,000 
travelers had filed baggage theft claims with the TSA by 2004. By 2005, at 
least 60 of the TSA’s 43,000 screeners had been terminated for theft. 
Although the percentage losing jobs for stealing is miniscule, the perception 
by the public is that federal security personnel charged with protecting 
passengers from terrorism are also stealing from their baggage. 

4. Prevention of baggage theft is a high priority of airline security personnel. 
Airline employees have the most unfettered access to passenger baggage and 
cargo. Baggage missing an assigned flight is stored in an airline baggage 
holding office, which means that it is particularly susceptible to theft as it is 
out of public view. Theft from air cargo shipments is also a problem, because 
airline employees often have unsupervised time in which to browse through 
cargo shipments before the items are transferred to the aircraft. 


Strategies for preventing baggage and cargo theft include better background 
checks of personnel, the use of CCTV in baggage-handling and storage areas, and 
employee awareness programs. 
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AIR CARGO THEFT 


Protecting air cargo from theft and tampering starts with educating the shipper on 
security practices. A standard preventive measure is to use packing procedures 
that immediately show tampering. Sealing an item in plastic wrap and tightly 
packing are low-cost anti-tampering strategies. Radio-frequency electronic seals 
with GPS tracking capability to enable continual monitoring and anti-tamper 
detection are being developed. 

The theft of cargo occurs most commonly in the trucking phase, either by 
truck drivers or loaders working together or with others. Cargo is at greatest risk 
when being loaded or stored in a cargo facility. Access to cargo areas should be 
strictly controlled using computerized control systems that prevent unauthorized 
access to the facility and log authorized personnel when entering and exiting. 
CCTV systems should be used in cargo storage areas, together with frequent law 
enforcement and security patrols through the storage and load/offload areas. 


DRUG SMUGGLING 


Drug smuggling is a major form of crime in aviation. Smugglers frequently use 
airports and commercial aircraft for conducting their trade. Drug couriers often 
carry narcotics on their person or in carry-on luggage. Drugs are also smuggled in 
cargo holds through checked baggage or loaded as consigned air cargo. People 
working in the aviation industry have opportunity to exploit their access to smuggle 
drugs. In 2006, two federal air marshals were arrested for using their positions and 
access to smuggle cocaine from Bush Intercontinental Airport in Houston, TX, to 
Las Vegas, NV. In 1999, agents from the US Customs and Border Protection 
(CBP), Drug Enforcement Administration (DEA), and Bureau of Alcohol, Tobacco, 
and Firearms agencies arrested more than 55 airline workers at the Miami 
International Airport in Florida for being involved in a smuggling network that was 
bringing narcotics to the United States on commercial flights. 

Preventing drug smuggling via airlines requires a solid background check pre- 
hiring program that includes a check for misdemeanor offenses, CCTV surveillance 
of employee work areas, and confidential reporting programs such as anonymous 
tip lines. Employee education on what to look for can help employees spot potential 
drug trafficking activity.’ 

The DEA has been providing training to airport police and security officers 
under the auspices of a program called Operation Jetway, which predates the 
Screening of Passengers by Observation Techniques and Behavior Detection 





'The CBP provides antidrug smuggling training to airlines through the Carrier Initiative Program 
(CIP). The CBP offers two training programs: a 2-day antidrug smuggling seminar for senior-level 
managers, and a 1-day antidrug smuggling seminar for midlevel managers, supervisors, and front- 
line personnel. The CIP teaches airline employees the basics of narcotics search techniques, risk 
assessments, concealment techniques, document review, physical and procedural security, personnel 
hiring, drug source countries, drug characteristics, and internal smuggling conspiracies. 


Airport Crimes 


Officer programs in effectively identifying drug traffickers, money launderers, 
and couriers of various types moving through the airport environment. The 
Department of Homeland Security (DHS) and the TSA have requested DEA 
expertise in Operation Jetway training, and they regularly provide it to airport and 
local police responsible for policing airports. 


HUMAN TRAFFICKING 


Human trafficking is a serious crime that makes use of aviation transportation. 
According to the Polaris Project, a web site and organization focused on the 
prevention of human trafficking, it is the third largest and fastest growing crimi- 
nal industry in the world, victimizing millions of people and reaping billions in 
profit for the traffickers. Human trafficking can include selling victims into the 
sex trade industry, forced labor in factories, domestic servitude, forcing a victim 
to become someone’s spouse, or for the harvesting of human organs (see www. 
polarisproject.org for additional information regarding human trafficking). The 
aviation industry is an efficient form of transportation for the trafficking of 
humans worldwide, but awareness of the indicators that human trafficking is 
taking place can be an effective deterrent. 

In the United Kingdom, Operation Pentameter* is a high-profile campaign 
aimed at countering human trafficking through educational programs and aware- 
ness posters in and around airports. In February 2006, the program launched a 
joint effort between the 55 police forces of the United Kingdom, Scotland, Wales, 
Ireland, and Channels Island, along with the United Kingdom Immigration 
Service, Serious and Organized Crime Agency, and Crown Prosecution Service. 
During its 3-month operational phase, more than 188 victims of human trafficking 
were rescued, including 12 between the ages of 14 and 17. In this instance, 232 
people were also arrested. 

Indicators of human trafficking include missing or altered passports and other 
identification credentials. Verification of a traveler’s identity is an important way 
to deter and apprehend human traffickers. US citizens are now required to have a 
passport whenever traveling outside the United States, regardless of age or 
destination (including Canada and Mexico). Placing posters around airports 
encouraging women and children who are being held against their will to report 
their concerns and seek help is also an effective security measure. Other indica- 
tors of trafficking can be revealed during security questioning by asking travelers 
if they know where their journey is leading, if they have a passport, if they know 
whom they are meeting, and if they arranged their own travel. A well-trained 
security operative or law enforcement officer should be able to detect signs of 
deception or duress during this interview process. 





?See www.pentameter.police.uk/news.php?id=4. 
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TICKET FRAUD 


Ticket fraud was another common crime at airports in the United States, but since 
the TSA implemented the requirement to produce a photo identification along 
with the boarding pass, ticket fraud is mostly a crime of the past. 


OTHER CRIME 


The airport operator is concerned with thefts primarily from vehicles in parking 
lots and parking garages. Other forms of crime such as assault, rape, and robbery 
can also occur in parking garages and at outlying lots. Airport parking lots are 
located varying distances from the terminal building. Being able to manage the 
detection and response to crime under these conditions is a prime concern to 
the security practitioner. 


AIRPORT POLICING STRATEGIES 
COUNTERTERRORISM 


An estimated 12,000 + Federal Bureau of Investigation (FBI) counterterrorism 
agents operate in the United States compared to approximately 1,133,000 
state and local law enforcement officers (Mueller and Stewart, 2016, p. 249). 
After 9/11, the FBI deployed only 7,000 agents to canvass the nation. In compari- 
son, the New York City Police Department (NYPD) has nearly 38,000 officers to 
cover five boroughs (Clarke et al., 2006). In terms of intelligence gathering, 
around 9/11, few FBI agents were trained in Islamic radicalism, the Arabic 
language, the history of terrorism, and related subjects. Again in contrast, the 
NYPD has put together a counterterrorism unit that includes members of nearly 
every ethnic group in the world (Flynn, 2007). The United States does not have a 
federal force solely devoted to counterterrorism, and the agency most closely 
charged with the counterterrorism mission, the FBI, routinely transfers its agents 
throughout the country and the world. However, the expansion of Joint Terrorism 
Task Forces throughout the United States has increased both connection and 
cooperation between federal, state, and local officers. State and local law enforce- 
ment officers are fully integrated into the communities in which they work and 
live (Clarke et al., 2006). 

Terrorist attacks in the United States often require preparation, establishing 
safe houses, purchasing equipment and supplies, creating false documents, recruit- 
ing accomplices, surveillance, and practice sessions. Most of the requirements 
and related activities are potentially detectable by law enforcement agencies. In 
this regard, it is more likely that a terrorist operative will have a chance encounter 
with a local or state law enforcement officer than with a federal agent. 


Airport Policing Strategies 


The underlying security strategy in New York City is building local and state 
law enforcement personnel into “first preventers’”—as described by R. P. Eddy, a 
counterterrorism expert—not just first responders (Flynn, 2007). To build a first 
preventer mentality, police officers need to be trained to spot the support structures 
and activities of terrorists such as bomb making, preoperational surveillance, and 
religious radicalism (Clarke et al., 2006). 

Although cities like New York and Los Angeles have resources to fund 
counterterrorism efforts, such as hiring personnel and creating their own intelli- 
gence agencies,” many smaller cities, and particularly airports, do not. Training 
local and state law enforcement officers, especially airport police, to spot signs of 
terrorist preplanning activities can help turn first responders into first preventers, 
with little capital outlay. 

Terrorist operatives frequently plan or facilitate an attack while traveling by 
air. A police officer may spot an operative as the individual conducts surveillance 
on future targets. Routine training of police should focus on subjects such as 
recognizing chemicals used to construct explosive devices, materials needed for 
constructing weapons, and emerging threats. Officers should attend seminars by 
terrorism experts and relay that knowledge to their colleagues. 

The role of the small airport operator should not be ignored in counterterrorism 
training. Terrorists may use small commercial service airports to slip through 
security and gain access to a larger commercial service airport (as elements of the 
Japanese Red Army did in an attack on Israel’s Ben Gurion International Airport in 
1972). Small commercial service and GA airports have aircraft, fuel, and fire trucks 
that could be used in a terrorist attack and need to be kept secure. Training is a 
cost-effective measure to prevent terrorist attacks. 


ANTICRIME 


Policing an airport requires skills and knowledge that are usually not part of a 
police officer’s training. Although police generally respond to people having 
problems or breaking the law, the large majority of people an airport police 
officer encounters are law-abiding citizens, many of whom are nervous since they 
are out of their element and who may be more anxious than usual because of the 
stresses associated with air travel. When dealing with most of the travelers at 
airports, police need to interact with the traveling public with decorum and tact— 
which is a primary difference between “life on the streets” for a police officer 
and interacting with individuals at an airport. 

Robert Raffel (2001), writing for the FBI’s Law Enforcement Bulletin, notes 
that many officers newly assigned to the airport rarely understand the complexi- 
ties of the job. Airport police must handle a wide variety of crime, are often 
called on to resolve disputes or confiscate prohibited items at screening 





3In a study, the FBI criticized New York City for running an independent counterterrorism 
operation (Clarke et al., 2006). 
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checkpoints, and must verify the identity of other law enforcement officers 
traveling on official business and carrying firearms. They must also be on the 
lookout for and respond to potential violent criminal or terrorist incidents 
and still provide a regulatory enforcement function under the airport security 
program (ASP). 

Looking out for potential threats within the airport environment is a challenging 
responsibility for a police officer. In addition to employees and passengers, airports 
are filled with friends and family of passengers. Airports also attract some of the 
lost and lonely who seek airports as safe environments. Outside the airport, there 
are ground transportation companies, taxi and limo drivers, bus drivers, hotel 
shuttle van operators, and others conducting business. Individuals who enjoy 
watching aircraft may also be scattered just outside the airport’s outer perimeter. 
Intermixed in this highly complex environment are individuals who may look 
and act like any of the aforementioned individuals at an airport. However, these 
individuals may be planning crime, conducting surveillance for a terrorist attack, or 
in the process of executing an attack. 

Passengers generally fall into two categories: business travelers and vaca- 
tioners. There are some smaller subgroups, such as those traveling because of a 
family emergency, a death in the family, or other sort of tragedy or urgency. 
Business travelers tend to know the system, ask few questions, are dressed in 
business or business-casual attire, and carry little luggage. What luggage they do 
have is usually carry-on and not checked baggage. Vacationers often dress 
casually. They have checked luggage but little carry-on luggage (except for 
families with small children). Vacationers usually travel in groups or as a family, 
and they seem to smile more than the business travelers do. Vacationers usually 
have a relaxed, easy-going manner—unless they experience circumstances such 
as a delayed schedule or lost luggage. The third group—those traveling because 
of an emergency—tend to have less baggage and be focused inwardly. These tra- 
velers may exhibit what is known as a thousand-yard stare. Emergency travelers 
may pray or speak quietly to themselves and seem more anxious than business or 
vacationer travelers. This is problematic because these behaviors are potential 
indicators of a suicide bomber. 

Police officers should temper the response to an upset passenger by first 
attempting to understand the problem and then defuse the situation before an 
arrest becomes necessary. For example, a mother who is being told her infant 
daughter is on the no-fly list will be understandably upset when she is forced to 
go through additional time and effort to prove that her daughter is not the person 
whose name is on the no-fly list. This situation requires a great deal of under- 
standing on the part of responding law enforcement personnel. Bad weather, 
maintenance problems with aircraft, and other routine aviation issues that are 
beyond the control of the passengers but are causing some to miss vacations or 
others to miss expensive business meetings can severely increase the passengers’ 
stress levels. Therefore, law enforcement personnel must exercise understanding 
and diplomacy to diffuse these situations. 


Airport Policing Strategies 


Through Title 49 CFR Part 1542, the airport police have a responsibility 
within the ASP to enforce the rules and regulations at their assigned airport. This 
provides the airport security coordinator (ASC) with a respectable level of input 
as to how police are used at the airport. Deployment of police will depend on 
recent threat assessments. Generally, more police should be deployed to watch 
the landside areas, for traffic congestion, and for signs of an attack via a vehicle- 
borne improvised explosive device or a suicide bomber entering the terminal 
building. Police should be deployed throughout the public areas of the airport, as 
these areas are open to anyone without being subjected to security screening. 
Police in the concourse and sterile areas can help prevent other types of crime, 
such as theft and shoplifting. Officers should be aware that an airport employee 
could have brought a weapon into the sterile area, and therefore they should 
always use caution. 

Many airport police departments have taken an active role in reaching out to 
the airlines and tenants and in providing their personnel with additional training 
in airport law enforcement practices. The Austin Bergstrom Airport in Texas has 
55 sworn law enforcement officers who are required to undergo a 3-week orienta- 
tion to the airport environment after being assigned to the unit. This is followed 
up with 100 hours of additional training every year in job-related subjects, includ- 
ing emergency medical training. At the London Gatwick Airport, the police 
commander spends a lot of his time interacting with the airport tenants, learning 
about their problems, and building relationships. Michael Burris (2005) stated that 
good security-related customer-service skills are not easily learned or developed. 
These skills must be retaught and honed as daily pressures can exasperate even 
the most seasoned professionals. 

Because airports have large areas for police to cover, much of which is not 
amenable to vehicle use, some airports have equipped their patrol officers with 
bicycles. Bicycles allow officers to patrol more area, go where a patrol car 
cannot, catch a fleeing suspect, and approach a situation quickly and silently 
when necessary. Bicycles are much cheaper than a patrol vehicle. 

Some airports have adopted the Segway for their patrol officer or security 
guard use. A Segway has the advantage of placing an officer up to 8 in. higher 
than the crowd and allows the officer to maneuver through a crowd more easily 
than on a bicycle and to not have to dismount to go through a door. A Segway 
provides high visibility and faster response times than the officer would have 
on foot. 

Patrol vehicles are still needed to cover the airfield perimeter, to transfer peo- 
ple, and to carry equipment. Additional police vehicles should include response 
platforms able to move into position on an aircraft rapidly and with minimal 
waiting time to deploy the boarding ladder. These so-called raider vehicles can be 
custom built and stored at the airport for use by law enforcement or federal 
response agencies such as the FBI Hostage Rescue Team. Other support vehicles 
should be acquired as necessary, such as on-scene command platforms and 
armored vehicles. 
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Officers should receive extensive training on airfield driving practices and reg- 
ulations so that they are able to enforce those practices while on the airfield and 
can avoid driving onto the runways and taxiways or in front of moving aircraft. 
Aircraft always have the right of way because of the limited visibility afforded 
the pilots and the inability of an aircraft to move as adeptly as a land vehicle. 

Some organizations, such as the American Association of Airport Executives 
(AAAF) and the International Air Transport Association, offer courses on airport 
law enforcement techniques and practices. ALEAN provides an excellent support 
network for airport police and sheriff departments and has airport staffing duties 
to share information and best practices. 

Crisis management can be another area new to a law enforcement officer. 
When there is a security incident at an airport, numerous parties are involved, and 
many have some level of authority. The airport director is responsible under 
federal regulation Title 14 CFR Part 139.325 Airport Emergency Plan (AEP). The 
ASC is responsible under Title 49 CFR Part 1543.307 Incident Management. 
The TSA’s federal security director also shares responsibility for the management 
of the incident, and, depending on the presence of other agencies, the FBI and the 
local law enforcement agency may also share responsibility. Who is actually in 
charge of moving assets and making decisions largely depends on the nature of 
the incident and the responsibilities as assigned in the AEP and the ASP. Law 
enforcement officers should be well versed in their roles under both of these 
documents. 

Other tactics can help policing at an airport, including the use of process 
matrices. At the Boston Logan International Airport in Massachusetts, security 
staff have developed and employ a tracking system to help determine which areas 
of the airport need more attention in terms of reducing theft or other problems. 
The tracking system also helps determine how officers are deployed, including 
special SMG patrols,* which are used as deterrence to a terminal shooting or 
bombing attack and as a rapid-response force to any attack. Theft activities in the 
baggage claim areas can be tracked using matrices, along with theft activities in 
the parking structures and deployment of security assets. 


POLICING GA 


Policing a commercial service airport differs greatly from policing a GA airport. 
A prime challenge to securing GA airports is that their environments vary from 
commercial airport environments and among the populace of GA airports. For 
example, the major tenants at a commercial service airport are usually airlines. At 
a GA airport, the major tenants are typically fixed-base operators (FBOs). Except 
at some of the larger and busiest GA airports, there may not be a fence with 





4SMG, in this case, is an acronym for submachine gun. 


Policing GA 


access gates around the airport. This makes it difficult to determine which vehi- 
cles and personnel are authorized to be on the airfield. At many GA airports, there 
may not be an onsite airport manager. Frequently, the FBO staff also provides 
airport operational and management functions and, in some cases, air traffic 
advisory services. 

Larger GA airports usually have access control systems, air traffic control 
towers, management, operational, and maintenance staff. Some GA airports cater 
specifically to agricultural traffic, corporate business jet traffic, aircraft and flight 
training, or many other types of GA-related flight activity (including various 
combinations). 

Individuals at commercial service airports are primarily passengers, airport 
and airport businesses employees, and those employed by the government. At GA 
airports, stakeholders are commonly those who keep their privately owned aircraft 
at the airport or work in flight schools, aircraft maintenances centers, restaurants, 
FBOs, or corporate aircraft operations. Regardless of the size, most GA airports 
do not have their own police force. Law enforcement for GA airports is usually 
provided by the law enforcement agency responsible for the geographic area in 
which the airport is located. After 9/11, some cities and counties assigned more 
personnel or frequent patrols to GA airports in their jurisdictions. Rarely does a 
GA airport have its own police officer assigned to it. 

The first action a police officer with a GA airport within his or her patrol area 
should do is introduce him- or herself to the airport manager and the tenants. A 
police officer may have to contact the local city or county to determine the iden- 
tity and contact information of the GA airport manager. The officer should have a 
map of the airfield noting key entrance and exit points. The officer should request 
an airfield familiarization with airport staff to understand airfield markings and 
how to avoid driving on runways or taxiways when responding or patrolling. 

Police officers should obtain an airport directory noting the locations of the 
various structures, hangars, and businesses to make responding to an incident eas- 
ier. Many hangars and airport facilities look alike, so without a proper numbering 
system on the outside, it can be difficult for police officers to know where to 
respond to based on a street address alone. If airport buildings do not have visible 
numbers, police should request that they be numbered. Police officers should 
have point-of-contact information for the airport management or operations 
staff—whoever should be notified in the event of a problem at the airport. 

Officers with GA airports as part of their routine patrol area should get to 
know some of the tenants and not just the major businesses. Often there will be a 
contingent of locals who enjoy visiting the airport as much as they enjoy flying 
their aircraft. These people are adept at identifying strangers or odd occurrences 
at the airport. Officers should try to ensure that these individuals have appropriate 
emergency contact information. 

When patrolling a GA airport, officers should look for things out of the 
ordinary. Although it is relatively easy to access the airfield of a GA airport, it is 
difficult for people to look like they have a purpose for being there when they do 
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not. On the FBO ramp, an officer would likely see fuel trucks operating in and 
around aircraft and frequently personnel assisting passengers and pilots on and off 
their flights. Pilots of corporate aircraft are usually dressed in a uniform or some 
sort of business attire. Pilots around small private aircraft could be dressed 
casually. Passengers on an FBO ramp generally tend to stay near their assigned 
aircraft. However, pilots will wander freely around other aircraft. They will not 
normally walk out onto the taxiway or runway. 

Near the runways and taxiways, there should only be airfield maintenance 
personnel, airport operations or management personnel conducting airfield inspec- 
tions, or Federal Aviation Administration (FAA) maintenance personnel. When 
there is an aircraft emergency, firefighting personnel and equipment may also be 
in these areas. 

Flight schools are frequently part of or associated with FBOs. Law officers 
should be aware that there are likely to be students and instructors and others 
pilots on the flight school ramp. Flight students conduct inspections of their 
assigned aircraft and often do so without the instructor present. Passengers may 
also be on the ramp but will generally be close to the aircraft; if they wander off, 
they tend not to go too far. If they are wandering too far from the area, police 
might consider stopping them to ask questions. 

Corporations often own larger hangars, and officers will likely see larger 
business jet aircraft in these areas. It is not unusual for a corporation to have its 
own aircraft fuel facility that should be secured when not in use. Small hangars 
are usually leased or owned by private aircraft owners and pilots and may be a 
place that pilots and visitors use for socialization. 

Aircraft charter operations are common at many GA airports. They can 
operate similar to a commercial airline operation. Many charter operators screen 
their passengers for prohibited items and closely control the boarding. Officers 
should watch these ramp areas to ensure that people do not wander from the 
charter aircraft loading/unloading area and that others do not enter the loading/ 
unloading area without being properly screened. 

Other critical security points on a GA airfield include the control tower, the 
airport or FBO fueling facilities, aircraft fuel trucks, onsite aircraft rescue and 
firefighting trucks and equipment and, in some cases, high-profile hangar and 
office areas. Some corporations are targets for crime and terrorism, and there 
have been incidents of corporate officers and assets, such as the aircraft or hangar 
facilities, being in danger of damage or destruction. 


PROFESSIONAL SECURITY OFFICERS 


In addition to law enforcement officers, many commercial service airports have a 
contingent of unarmed security officers. Security personnel today run the gamut 
from companies that provide a virtual private army to protect US contractors in 


Professional Security Officers 


war zones, to the classic night watchman walking through a warehouse armed 
only with a radio and watch clock. Today, the industry includes trained and pro- 
fessional security officers, loss prevention officers, and facility security managers, 
often meeting various higher levels of training and, in some cases, certification. 
Unfortunately, prior to 9/11 these trained and educated professionals had gone 
largely unnoticed by the aviation community, but their use is becoming more 
widespread, particularly as airports discover their cost-effectiveness and their 
ability to fulfill many roles. Before 9/11, there was a general feeling in the avia- 
tion community that to be an effective ASC, one had to come up through the 
ranks. After 9/11, the aviation security industry was flooded with former federal, 
state, and local law enforcement officers and retired military officers. This influx 
was driven by the misperception that the skills of a federal agent or police or a 
military officer were directly transferable and immediately applicable to the 
civilian aviation industry. While taking nothing away from the perspective and 
background of these people, the professional security manager should be consid- 
ered when deciding the personnel needed to protect an airport or airline operation 
from crime and terrorism. 

The ASIS International is the world’s largest organization for security profes- 
sionals, with more than 36,000 members. ASIS International has numerous educa- 
tional programs to enable its members to stay ahead of threats and understand 
countermeasures. It provides a comprehensive certification program for security 
professionals to earn the Certified Protection Professional designation. This 
certification should be considered an asset for anyone being hired as an airport or 
aircraft security manager and something those already working in the field should 
consider obtaining. 

Security professionals who already have this skill set should consider obtain- 
ing certification in an aviation area, such as the certified member status of the 
AAAE, which will help the security professional understand the nature of airport 
operations. 

An unarmed and unsworn private security officer does not help an airport or 
aircraft operator meet regulatory requirements for law enforcement coverage, but 
this individual can free up law enforcement personnel for other patrol and regula- 
tory enforcement duties. Security officers do help airport operators fulfill TSA- 
mandated minimum security staffing requirements for airfield personnel. Security 
officers can be used in a variety of areas including those listed in Table 12.2. 

Security officers provide a diverse array of services for their employers 
and clients, including staffing security operations centers, customer service, 
airfield escorts, and additional security for airport construction projects. Security 
officers are part of a holistic ASP, not a stand-alone resource, and where the 
regulations allow, there are in some cases security officers being used to replace 
police officers, freeing up armed law enforcement personnel for other duties. 
Security officers also play an important public relations role and are often the first 
contact visitors, customers, vendors, or employees have with an organization 
(ASIS, 2011). 
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Table 12.2 Typical Duties Performed by Security Officers 

* Staffing airport perimeter gates and conducting vehicle and personnel searches of 
vendors and others accessing the airfield. 

e Monitoring CCTV camera operations in a security operations center. 


¢ Staffing airfield access doors, particularly high-activity doors, such as those used by 
flight crews and airport workers. These have a high rate of violations as employees tend 
to hold a door open for one another (as both have access/ID badges) or airline flight 
crews carry luggage and have a tendency to lag the luggage behind them, setting off 
people count® alarms. 


e Responding to incidents and contingencies, such as increases to the color-coded DHS 
Alert System. Security guards often provide additional services during these increases, 
such as staffing incoming personal vehicle checkpoints in landside operations areas and 
providing additional security patrols throughout the concourse and terminal areas. 


e Doing airfield vehicle patrols to watch for intrusions of the airfield perimeter; monitoring 
aviation employee activities including compliance with the ASP. 


e Searching, evacuating, and providing resterilization assistance when a breach of 
security has occurred. 


e Patrolling the internal terminal and concourse to monitor security (and safety) events 
and activities, including compliance with the ASP. 


e Issuing notices of violations of the ASP to aviation personnel working on the airfield. 


e Protecting the exit lanes of a screening checkpoint, particularly when the screening 
checkpoints are not in operation.” 


“People count is a term used in reference to an access control system. A people count occurs when 
more than one individual accesses a door but only one has presented an access/ID badge to the 
reading device. Many people count violations occur when the electronic eye detects a piece of 
luggage or a too! that the individual is carrying, rather than an actual person. 

This was primarily a TSA duty. 


The number of officers required for an airport is determined by the physical 
complexity and size of the airport, the number of employees, the work require- 
ments (security operations center, here Filtrol, staffing gates for responding to 
alarms), the amount of escorts’ and special assignments required, and the number 
of access points (ASIS, 2011). 

The basic functions of security officers are to control access throughout the 
facility; patrol buildings and the airfield; escort personnel into security areas; look 
for security problems, fire, hazardous material issues, or other safety issues; 
provide emergency response and in many cases respond to door alarms and 
breaches (ASIS, 2011). 

Security officers frequently control access to a facility and provide credentialing 
and visitor badging services. They can identify and question individuals who 





The term escort is used to describe a situation when an individual does not have an authorized 
access/ID media for an airport security area and must be escorted by authorized personnel, such as 
a security officer, airport operations or airport police personnel. 


Professional Security Officers 


remove property from the facility, and monitor materials, individuals, and vehicles 
entering and leaving the airport (ASIS, 2011). 

Security officers should be trained in the reporting of hazards, proper patrol 
techniques, the physical layout of the facility including all shortcuts and dead 
ends, and how to handle employees and passengers who have either broken the 
law or violated the airport’s rules and regulations (ASIS, 2011). Further, they 
should be advised of unique activities such as construction work, emergency exer- 
cises or training, or airport emergencies such as an aircraft incident or accident. 

Security officers generally operate per documentation known as post orders. 
Post orders outline the specific procedures security guards follow at a given 
position. For example, the post orders at an airfield perimeter gate outline the 
process for allowing or denying access of personnel and vehicles into and out of 
the security areas. Vehicle search procedures and visitor badge requirements may 
be included with various protocols on the notification of the airport operations 
department of a potential security issue. Post orders are usually very specific and 
should be reviewed frequently to ensure consistency with airfield security 
practices and relevance to new security requirements. 

A large part of a security officer’s success depends on the ability to observe. 
Kane noted that “most mission statements for security organizations define their 
principle duties as deterrence, detection and reporting” (2000, p. 85). Observation 
skills play a critical role in deterrence and detection. A security officer must be 
able to spot a suspicious person or item and recognize that individual or item as a 
specific threat. Many security positions are characterized by repetitive, often 
monotonous tasks that can lead to a lack of vigilance. To become a prudent 
observer, security personnel must develop “reactive” observation skills (Kane, 
2000). These skills are necessary to not just detect and deter potential criminal or 
terrorist activity, but also to be an expert witness to an event and able to provide 
an accurate description of an event and the parties involved to law enforcement 
agencies. 

Proactive observation includes such skills as recognizing something out of 
the ordinary. Unusual observations might include vehicles without license plates 
or a vehicle heavily loaded beyond normal capacity, an access/ID badge that is 
not valid, a door left open, or an unattended bag. A common method of improv- 
ing observation skills is a training exercise such as requiring security personnel 
to memorize a specific pattern of items in a room, or a set of dissimilar objects, 
then involve them in a “distracter” activity for a period, after which they are 
asked to recreate visually or on paper the information previously memorized. 
Another method is having security personnel watch recorded coverage of an 
actual incident and then write a narrative report on what they have seen. Kane 
(2000) recommended that this activity be administered unexpectedly in the 
middle of a lecture on another subject, to disrupt the routine and better simulate 
a real-world situation. To reinforce the learning, the instructor should go back 
over the recorded event and discuss with trainees the most important elements 
(Kane, 2000). 
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RED TEAMING 


Red teaming is used to reveal weaknesses in security programs with red team 
members usually operating outside standard testing protocols. Red teams are used 
to identify vulnerabilities or provide feedback before criminal or terrorist 
activity. The term red team was not formally established until the US military 
began using it during the Cold War, and it was standardized in the 2000s (Zenko, 
2015, p. 9). In 2015, a report was released that showed red teams from the DHS 
Office of the Inspector General tested airport security and were able to success- 
fully get prohibited items past TSA screeners 97% of the time. The IG’s office 
helps balance a criticism of the TSA since its inception—the fact that TSA not 
only performs a previously privatized security function (ie, screening) but also 
regulates that same function, which is akin to grading one’s own homework. 
According to the Sandia National Laboratory: 


Red Teaming is a tool for analyzing systems from a malevolent adversarial 
perspective. It is often used as an objective tool to optimize systems by eliminat- 
ing their weaknesses in a design/assess cycle. It can also be applied to guide 
system development, train system operators, develop adversarial profiles and 


footprints, and analyze intelligence data from a particular perspective. 
Sandia, 2007, p. 1 


Red teams can be used to scrutinize and challenge day-to-day operations, 
particularly security operations, and may also be used when management is facing 
a significant one-time decision (Zenko, 2015, p. 9). While red teaming is effective 
at identifying weaknesses, the significant challenge of the practice lies in the fact 
that many managers do not want to be embarrassed by a display of their organiza- 
tions short-comings, and people are inherently reluctant to let go of institutional 
biases (Zenko, 2015, p. 9). According to Zenko: 


When red teaming is faithfully conducted, correctly interpreted, and judiciously 
acted upon, it can reveal important shortcomings in an institution’s methods 
and strategies. Yet it is just as possible for red teams to be flawed in design or 
execution, or, as some practitioners say, ‘prostituted’. (p. 21) 


Before 9/11, the FAA frequently used red teams to attempt to penetrate airport 
and airline security systems, and they were frequently successful. The concept 
stemmed from the Presidential Commission on Aviation Security and Terrorism, 
which was formed after the bombing of Pan Am Flight 103 and the downing of 





©The concept of red teaming could be associated with a practice that is 5000 years old. The Roman 
Catholic Church, looking to add rigor to the process of selecting individuals for sainthood, created 
the notion of Advocatus Diaboli, more commonly called today, the Devil’s Advocate. The advocate 
would prepare a counter argument to why an individual should not be selected for sainthood 
(Zenko, 2015, p. 9), much the way an attorney prepares to argue both sides of a case, in order to 
better understand the issues. 
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PSA Flight 1771 by an airline employee. During an FAA inspection of Pan Am’s 
Frankfurt operation 2 months prior to the bombing, the FAA inspector pointed 
out a lack of tracking interline luggage, typically tracked to ensure the positive 
passenger bag match was conducted during passenger transfers, which ultimately 
was deemed to be the failure that allowed the bomb to slip through the security 
process. 

Unfortunately, many of the results of the FAA’s red teams were routinely 
ignored, and the process was flawed from the start. While the FAA hired former 
Navy SEALs and others with the right background for this type of work, their 
efforts were stonewalled at every turn. First, the red teams drew intelligence 
reports from the FBI and CIA, but the teams found the information to be of such 
poor quality that they relied on open-source information, such as the media, and 
informal police tactics and thinking, as the basis for emulating terrorist attacks 
(Zenko, 2015, p. 145). As the red team members identified one weakness after 
another, their findings were never directly shared with airport or airline security 
personnel, and FAA fines to operators for security failures were reduced in about 
80% of the cases (Zenko, 2015, p. 146). 

After 9/11, at the cost of 2996 lives, the FAA continued their pre-9/11 strate- 
gies of obfuscation of the real threats, and more pretending to listen publically, 
while privately stonewalling any attempts to fix the problems. By November, 
with the creation of the TSA, Congress took the FAA out of the security business 
(Zenko, 2015, p. 151). 

Since 9/11, the inspector general for the DHS has continued to conduct red 
team testing. Airports and aircraft operators can also conduct their own red team 
testing. However, several parameters must be observed to ensure that the 
operation of the test is safe and that it is conducted in a manner that provides 
the best feedback for the agency being tested. Unlike formal security exercises, 
red team tests often take place without notification to the entity being tested and 
personnel often use unorthodox tactics. 

The red team process today seems to be working somewhat better, as shown by 
the DHS Inspector General’s identification of several screening failures during tests 
in 2015. Former TSA Administrator John Pistole (who is also a deputy director of 
the FBI), labeled the IG’s red teams as super-terrorists, due to their intricate knowl- 
edge of the aviation security system, but former FAA red team member Bogdan 
Dzakovic and long time critic of the FAA’s (and the TSA’s) use of red teams, 
labels them as “pink teams” “because they are using a testing regiment that fits 
within the confines of the bureaucratic needs” (Zenko, 2015, p. 155). 

That said, the concept of using red teams is an invaluable component of 
airport and airline security, and whether or not the TSA makes changes based on 
red team tests, airport and airline operators should adopt the tactic to ensure their 
own security measures is money well spent—for the right reasons and on the right 
threats. 

In 2002, al-Qaeda affiliated terrorists fired two shoulder-launched Russian 
built SA-7 missiles at an Arkia Israel airlines flight as it departed Moi 
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International Airport in Mombassa, Kenya. Although the terrorists missed both 
times, likely due to countermeasures built into that model of 757, the United 
States decided to take a serious look at the threat. In 2003, Secretary of State 
Colin Powell warned that no threat is more serious to aviation (Zenko, 2015, 
p. 156). By 2004, Congress directed the TSA to study the issue, to determine how 
a motivated terrorist group would attempt to bring down a civilian airliner—also 
around this time, the late techno-thriller author Tom Clancy released a novel 
describing such an attack. Red teams were put together comprising of FBI, US 
Secret Service, and DOD representatives and focused on the highest risk airports 
in the United States (Zenko, 2015, p. 156). 

What the teams soon discovered is that the shooting range around an airport 
for an SA-7, the most widely illegally trafficked surface-to-air missile in the 
world, was a few hundred square miles. To narrow down the likely shooting 
zones, the teams made four assumptions about the threat (Zenko, 2015, p. 157). 


1. The attackers would not be of the “lone gunman” variety but would be a 
small team, which included a security element to protect the shooter, as well 
as a video element to capture the attack for propaganda purposes. 
Additionally, the shooter would be highly trained and likely have been 
brought into the country undetected (this study was conducted long before the 
insider threat became a significant concern to the industry) (p. 157). 

2. The terrorists would have political objectives, which means they would aim 
for an Israeli or American domestic carrier, which would require some aircraft 
identification training, and listening to (and understanding to some extent) the 
air traffic control feed from the tower. This assumption was made prior to the 
advent of Internet sites that show air traffic and their country of origin and 
flight number (p. 157). 

3. The attack would have to be planned, which means extensive surveillance of 
airport takeoff and landing patterns would have to be conducted, exposing 
certain members of the team to survey a runway for weeks or months in 
advance (p. 158). 

4. The missile shot would be during the aircraft takeoff rather than landing. An 
aircraft taking off is less maneuverable than when landing and carries much 
more fuel. Shooting an aircraft on landing may still enable the pilot to land 
the aircraft as the SA-7 is heat seeking and will likely go after an engine. 
Pilots are routinely trained to land with an engine out, and US Airway pilots 
Chesley Sullenberg and Jeffrey Skiles showed that one can successfully land a 
large airplane without any engines working (p. 158). 


As with any threat assessment, the bad guy gets a vote and may take actions 
outside of the assumptive ones the red team’s testing was predicated on, but risk 
management is an exercise in probabilities, not certainties. Unlike pre-9/11 FAA 
red team models, the findings of the vulnerability assessments were shared with 
airports and used to develop a crisis response plan if intelligence indicated 
that there was an active terrorist plot to shoot down a commercial airliner. 
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The assessments also helped identify jurisdictional issues relating to which agency 
would be responsible for responding to an attack—presuming air traffic controllers 
would be able to identify and estimate the location of the launch site from its 
smoke trail. Unfortunately, according to author Micah Zenko, a more complete 
comprehensive red team effort is necessary (2015, p. 160). Zenko notes that ISIS 
released an online guide in 2014 on how to shoot down helicopters using shoulder- 
fired missiles, which compelled DHS officials to publicly highlight their earlier red 
team efforts to reduce the risk of a surface-to-air missile attack on a civilian 
airliner. Also, the initial assessment was conducted over a decade ago, and as 
Zenko notes: “an important red teaming practice is to not do it too infrequently, 
lest the targeted institution become hidebound and complacent” (p. 160). 

Red team testing can be used to test for penetration of an access control 
system, such as a door, gate, or security screening checkpoint. It can also be used 
to determine if a screener is spotting prohibited items during a security inspection, 
to determine if a perimeter breach is detected, and to determine if an adversary’s 
intelligence-gathering attempts are successful. The challenge program called for 
under Title 49 CFR Part 1542, where the ASC is required to establish a program 
that specifically tests whether airport workers are challenging anyone they see in 
the SIDA without a proper access/ID badge, is similar to a red team test in its 
most basic form. 

Typical local red team testing includes approved airport personnel wearing an 
access/ID badge other than their own or wearing an expired access/ID badge and 
attempting access through a checkpoint. It can include approved testing personnel 
pushing open an alarmed door and testing the response time of security personnel, 
and testing personnel entering the security areas and attempting to elude security 
personnel. Many airport and airline operators do not have the extra personnel 
needed to plan and conduct red team testing, so consideration should be given to 
contracting out some testing or working with local military or law enforcement 
organizations to provide a volunteer testing force. 

Red team members should find ways to defeat any access control system, 
personnel identification system, or screening system, but the results of their 
testing should be carefully considered in the overall security of the airport. Many 
testers have an unorthodox knowledge of the security workings of an airport or an 
airline, beyond that of most criminals or terrorists (Cheston, 2006). This should 
not prevent airports and airlines from paying close attention to the results, particu- 
larly if the testers employed tactics that required little knowledge of the aviation 
system. One unfortunate result of red team testing is that it can embarrass 
administration and management personnel with the results of the test being 
“pushed under the carpet” and future testing ignored. 

Another reason red teaming may be avoided is that once a threat is identified, 
an airport or airline operator is often compelled to act on it. If funds are not 
available to mitigate the discovered threat, then some administrators feel they 
should not conduct a red team exercise. This approach is not intelligent on the part 
of administrators. Failing to identify the risks and hazards is also a huge liability. 
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Red teams can be used to develop a comprehensive threat matrix for an airport or 
airline (Cheston, 2006), from which intelligent spending decisions can be made. 
A solid matrix may also be used to argue for additional spending or grant money to 
fix the largest holes in the security system. 


EMERGING ISSUES 


The rapid advances in the field of unmanned aerial vehicles and security issues 
are previously addressed in Chapter 9, General Aviation and Unmanned Aerial 
Vehicle Security, but other rapidly advancing technologies that could affect 
aviation security include spaceport operations and NextGen. Spaceport security 
has traditionally resembled security at a federal facility or military base. Strict 
access controls are usually in place for a launch, and both astronauts and every 
thing on board is thoroughly vetted and approved. Up until recently, space flight 
was not a public form of transportation, but as more spaceports are constructed 
and become operational, spaceport operators may find themselves having to adopt 
airport security related principles. 

In addition to securing space flight operations from terrorist and criminal 
threats, the flight operations facilities themselves may also require additional secu- 
rity measures to protect proprietary information. Spaceflight operational security 
may be more of a challenge for the GA airport operator, as many new spaceport 
applications are affiliated with either a stand-alone location or co-located at a GA 
airport. 

NextGen is the complete upgrade of the nation’s air traffic control system, but 
brings with it numerous security challenges. While NextGen will eventually 
require that every aircraft have a GPS transmitter and receiver, the air-to-ground 
connections that would be necessary for such a system may become vulnerable to 
cyber-attack. 


CONCLUSIONS 


The nature of aviation security operations must continue to evolve to both meet 
new threats and to adapt to the unique nature of a transportation system. Airport 
police must focus not just on crime prevention but also understand basic facility 
security principles. Aviation security professionals must remember that the 
purpose of an airport and aircraft is to move people and materials, and that the 
vast majority of the traveling public, and their associated baggage and cargo, 
present little to no risk to the system. Airport police officers and security profes- 
sionals also fulfill an important role as ambassadors to the airport, the city, and 
the community that relies on the economic benefits of air travel. 


Conclusions 


However, aviation presents different opportunities for crime, such as baggage 
and cargo theft, and as a transportation system allows for the facilitation of 
human trafficking and drugs and weapons smuggling. Security professionals must 


be trained in the indicators and how to interdict these types of activities. 





AIRPORT POLICE AND SECURITY OPERATIONS 


Patrick M. Gannon 
Chief of Security and Public Safety/Chief of Airport Police, Los Angeles World Airports 


In 2012, I applied to become the Chief of Airport Police at Los Angeles World Airports. With 34 
years of law enforcement experience, I felt that I had a skill set that could help keep Los Angeles 
International Airport (LAX) and our other two airports safe and secure. At the time it was my 
belief that police operations and security operations were synonymous. I learned quickly that this 
was not the case and to be successful I needed to understand the differences between these two 
public safety disciplines. 

I was encouraged by a friend to meet with the security manager of one of our airlines at LAX. 
This security professional was a wealth of knowledge. He explained to me that generally accepted 
law enforcement strategies for reducing crime were different from strong security strategies used to 
protect an airport. However, at the end of the conversation it appeared to me that the safety and 
security of our airports really relies on a blend of effective law enforcement and security strategies. 

The Los Angeles Airport Police is a large police agency with nearly 550 sworn police 
officers, 430 security officers, and a professional staff of 160 civilians. Our security philosophy is 
not much different than most of the airports I am familiar with. We layer our security at our 
airport with the use of intelligence, technology, data analysis, algorithms used for police and 
security deployment, fixed posts, and random action measures to name a few. 

We are fortunate that our airports are well staffed with law enforcement and security 
professionals dedicated to keeping our passengers and airport stakeholders safe. In addition to our 
own personnel, we actively participate in Federal and local task forces. It takes effective 
partnerships to keep our airports as safe as they can be. Airports large and small must use the 
resources of these partnerships to augment their own deployment. 

LAX has seen its share of recent violence. On July 4, 2002, an Egyptian national entered the 
ticketing area in the International terminal with a handgun and opened fire on passengers waiting 
in line at the El Al (Israeli Airline) ticket counter. The suspect was ultimately shot and killed, but 
not before he killed two people and wounded four others. On November 1, 2013, a 23-year-old 
male entered Terminal 3 at LAX with a grudge against TSA. This individual opened fire with an 
assault rifle killing a TSA officer and wounding two other TSA officers and a passenger before 
being stopped by Los Angeles Airport Police Officers. 

These two attacks came through the front door of our airport and we know that it can happen 
again. We continue to focus attention in this area hoping to prevent a similar attack. However, we 
also know that this is not the only potential threat to our airports. In this past year, there were 
revelations that airport employees at other airports were using their secure access privileges to 
ship guns and narcotics on commercial aircraft. These most recent events have captured the 
attention of Congress and Federal regulators. As a result, a flurry of legislative and regulatory 
mandates has been initiated to address this “insider threat.” The challenge for airport security 
professionals is to make sure that we pay attention to all of the threats to our airports. We do not 
have the luxury of concentrating on only one type of threat. We must remember to always focus 
our efforts on both the front and the back doors of our airports. We can never take our eyes off of 
one door to secure the other. 
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The tragic incidents at LAX or the smuggling of guns and narcotics remind us of how 
vulnerable we are at our airports. How do we prevent these types of attacks? Can they be 
prevented? Is it possible in an airport that served 74 million passengers in 2015 to be in all places 
at all times? The answer is obviously no. 

Keeping our airports safe and secure is a tall order. Law enforcement and security personnel 
alone cannot accomplish this difficult task. The entire airport community must be enlisted. So, 
how do we accomplish this? 

For years, progressive law enforcement agencies have built strong relationships with their 
communities in order to reduce crime. They understand that a safer community can only occur when 
everyone works together. In successful communities, neighbors are the eyes and ears of the police. 

So, who is the community we serve at our airports? Our passengers are part of our airport 
community, but they tend to be at our airports for only short periods of time as they arrive or 
depart. However, the real community at our airports is the people who keep the airport operating. 
Skycaps, concessioners, baggage handlers, ticket agents, and maintenance workers are only a few 
of the people who enable an airport to operate. It is these individuals that we need to build 
relationships with in order to keep our airports safe and secure. 

There are over 48,000 credentialed employees who work at LAX. Some people look at these 
individuals as 48,000 potential threats to our airport. I choose to look at them as 48,000 sets of 
eyes capable of observing behavior that is uncharacteristic or suspicious and reporting that 
information to airport police who can respond quickly to investigate. 

At LAX, we have chosen to use “Community Policing” as part of our safety and security 
philosophy. It is through community policing that we hope to bring our safety and security team 
closer to our community and to address problems quickly and effectively. 

It is not possible to keep all bad people out of our airports. We hire from the human race and 
people are unfortunately fallible. Whether the bad behavior is fueled by greed or a subversive 
ideology we must have as many people as possible willing to provide us information on behavior 
that threatens our airports. We can have a great impact on these individuals if we develop better 
relationships with our airport community. 

Community policing is a simple concept that emphasizes partnerships and problem solving. At 
LAX we have selected community-minded police officers and security officers to develop these 
partnerships with our airport community. Everyday these officers are looking for opportunities to 
partner with all of the various stakeholders. These partnerships promote confidence in our public 
safety agency and increase the odds that a member of this community will report suspicious 
behavior before a terrorist act or a criminal incident occurs. 

Community policing also emphasizes problem solving. Few airports were built with today’s 
security concerns in mind. As a result, safety and security personnel are counted on to spot 
vulnerabilities or to be open to listening to our stakeholders and their concerns. Our willingness to 
engage our community, listen to their concerns, and to work collectively to address issues makes 
it more likely that these individuals will have the confidence to approach our officers when 
something looks amiss. 

The security problems facing our airports today are complex. We must be proactive in our 
approach and engage our airport communities, develop a relationship with them, and work 
together to overcome the potential threats we face. If we are successful this may be the key to 
stopping a terrorist attack or disrupting a criminal enterprise which is clearly our mission. 





A new focus in many areas of the aviation industry is the development of 
comprehensive risk management and mitigation systems. The identification of risks 
and the implementation of mitigation and preparation strategies is an important part of 
aviation security. SeMSs take advantage of the research into this developing field, and 
when tied into vulnerability assessments, may prevent or mitigate the damage from 
future attacks. 
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